CVE-2025-3935: ConnectWise ScreenConnect Improper Authentication
ConnectWise ScreenConnect Improper Authentication Vulnerability. ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
- CISA KEV-listed (remediation due 2025-06-23)
- EPSS 6.1% (91.0% percentile)