Security Advisory

CVE-2025-11493

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-16 19:00:39
Last updated 2026-02-26 16:57:24
Assigner ConnectWise
State PUBLISHED

Description

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492.