- Last update: 21/10/2025
- Affected software: ConnectWise Automate
- Type:
→ Cleartext Transmission of Sensitive Information
→ Download of Code Without Integrity Check
- CVE/CVSS
→ CVE-2025-11492: CVSS 9.6 CRITICAL (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-11493: CVSS 8.8 HIGH (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
ConnectWise has released a security update for ConnectWise Automate that addresses vulnerabilities which could expose agent communications and updates to interception or tampering when certain configurations are used.
An on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic (CVE-2025-11492) and substitute malicious files for legitimate ones by impersonating a legitimate server (CVE-2025-11493).
By chaining these two vulnerabilities, an attacker impersonating a legitimate server could push malicious updates to managed systems.
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS (CVE-2025-11492).
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations (CVE-2025-11493).
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The vendor recommends updating to the 2025.9 release: https://docs.connectwise.com/ConnectWise_Automate_Documentation/100/Automate_Release_Notes_Version_2025/ConnectWise_Automate_Release_Notes_2025.9
Monitor/Detect
The CCB recommends that organizations step up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
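One way to look for the HTTP agent configuration behind CVE-2025-11492 in existing proxy logs, as an added example that is not part of the original advisory or ConnectWise code. The server hostname, the three-field log format, the URL paths and the function names are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: placeholder hostname for your Automate server, not a real value.
AUTOMATE_SERVER = "automate.example.internal"

# Constructed sample proxy log (timestamp, source IP, URL); paths are made up.
SAMPLE_LOG = """\
2025-10-21T08:00:01Z,10.0.5.11,https://automate.example.internal/agent
2025-10-21T08:00:04Z,10.0.5.12,http://automate.example.internal/agent
2025-10-21T08:00:09Z,10.0.5.12,http://AUTOMATE.example.internal:80/update/file.bin
2025-10-21T08:01:30Z,10.0.5.13,http://intranet.example.internal/index.html
2025-10-21T08:02:00Z,10.0.5.14,http://automate.example.internal/agent
2025-10-21T08:02:05Z,10.0.5.14,https://automate.example.internal/agent
malformed line without enough fields
"""


def find_cleartext_agents(log_text, server=AUTOMATE_SERVER):
    """Return {source_ip: {"http": n, "https": n}} for every source that
    reached the server over plain HTTP at least once."""
    counts = defaultdict(lambda: {"http": 0, "https": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip malformed records instead of aborting the scan
        src, url = row[1].strip(), row[2].strip()
        try:
            parts = urlsplit(url)
            host = parts.hostname  # lower-cased, explicit port removed
        except ValueError:
            continue  # unparsable URL
        if host != server.lower() or parts.scheme not in ("http", "https"):
            continue
        counts[src][parts.scheme] += 1
    return {src: c for src, c in counts.items() if c["http"] > 0}


def classify(findings):
    """Split findings into HTTP-only sources and sources seen on both schemes."""
    http_only = sorted(s for s, c in findings.items() if c["https"] == 0)
    mixed = sorted(s for s, c in findings.items() if c["https"] > 0)
    return http_only, mixed


if __name__ == "__main__":
    http_only, mixed = classify(find_cleartext_agents(SAMPLE_LOG))
    print("HTTP only:", http_only)
    print("Both HTTP and HTTPS observed:", mixed)
```

Sources in either list warrant a review of the agent's configured server address, since any cleartext agent-server traffic is exposed to the interception described for CVE-2025-11492.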
Bleeping Computer - https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
SOCRadar - https://socradar.io/connectwise-automate-fake-updates-cve-2025-11492/