CVE-2025-11492

CRITICAL

Connectwise Automate < 2025.9 - Cleartext Transmission

Title source: rule

Description

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications.

Exploits (1)

nomisec WORKING POC 1 stars

by synap5e · poc

https://github.com/synap5e/connectwise-automate-AiTM-rce

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix

Scores

CVSS v3 9.6

EPSS 0.0001

EPSS Percentile 0.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (1)

connectwise/automate < 2025.9

Published Oct 16, 2025

Tracked Since Feb 18, 2026