Security News > 2025 > June > Attackers breached ConnectWise, compromised customer ScreenConnect instances
2025-06-02 17:04
A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch was released on April 24,” they added on Friday. The patch in question fixes CVE-2025-3935, a ViewState deserialization vulnerability affecting ScreenConnect versions 25.2.3 and earlier, which can allow attackers to inject malicious code and achieve … More → The post Attackers breached ConnectWise, compromised customer ScreenConnect instances appeared first on Help Net Security.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-25 | CVE-2025-3935 | Unspecified vulnerability in Connectwise Screenconnect ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. | 7.2 |