On October 16, 2025, ConnectWise released version 2025.9 of its Automate™ platform to address two vulnerabilities affecting agent communication and update integrity.
ConnectWise Automate is a remote monitoring and management (RMM) platform used by managed service providers (MSPs) to automate IT tasks across distributed networks.
The flaws, tracked as CVE-2025-11492 and CVE-2025-11493, could allow a network-adjacent attacker to intercept and manipulate agent traffic, resulting in remote code execution on managed endpoints.
- CVE-2025-11492 allows agents to be configured to use HTTP instead of HTTPS for communication with the Automate server in on-premise environments. This misconfiguration enables an adversary-in-the-middle (AiTM) to intercept, modify, or replay traffic between agents and servers. The vulnerability is classified under CWE-319: Cleartext Transmission of Sensitive Information and carries a CVSS v3.1 base score of 9.6 out of 10.
- CVE-2025-11493 affects the agent update mechanism, where downloaded files, including updates and integrations, are not fully verified for authenticity. The vulnerability is classified under CWE-494: Download of Code Without Integrity Check and carries a CVSS v3.1 base score of 8.8.
When combined, these flaws could enable an attacker in a privileged network position to intercept and replace legitimate update files with malicious ones. This can result in remote code execution on systems managed by ConnectWise Automate agents, particularly in on-premises deployments with insecure configurations.
To mitigate the risk, version 2025.9 enforces HTTPS for all agent communications and also updates encryption methods. Cloud instances have already been updated to the latest Automate release.
Analyst insight
These vulnerabilities primarily impact on-premises deployments where agents may be configured to use HTTP or lack proper file integrity validation.
Mitigation involves updating to Automate version 2025.9 and ensuring all agent communications are configured to use HTTPS.
Disabling HTTP fallback and enforcing Transport Layer Security version 1.2 are recommended to maintain secure channels.
Organizations operating on-premises Automate servers are advised to audit agent configurations and monitor for anomalous traffic patterns.
ConnectWise has published detailed guidance on its security bulletin page.
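
The agent-configuration audit recommended above can be scripted against an inventory export. The following is an added example, not ConnectWise code or tooling: it flags agents whose configured server address is cleartext HTTP, mixes HTTPS with an HTTP fallback, or cannot be shown to use TLS. The CSV column names, the `|` separator between multiple addresses, and the hostnames are assumptions.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample export; column names and the "|" separator are assumptions.
SAMPLE_EXPORT = """agent_id,server_address
1001,https://automate.example.internal
1002,http://automate.example.internal
1003,https://automate.example.internal|http://automate.example.internal
1004,automate.example.internal
1005,HTTPS://automate.example.internal:8443
"""

def classify(server_address):
    """Return 'ok', 'cleartext', 'http-fallback' or 'unparseable' for one agent."""
    entries = [e.strip() for e in server_address.split("|") if e.strip()]
    if not entries:
        return "unparseable"
    schemes = []
    for entry in entries:
        parts = urlsplit(entry)
        # No scheme or no host means we cannot prove the agent uses TLS.
        if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            return "unparseable"
        schemes.append(parts.scheme.lower())
    if all(s == "https" for s in schemes):
        return "ok"
    if all(s == "http" for s in schemes):
        return "cleartext"
    # A mix means the agent can still drop to HTTP if HTTPS is unavailable.
    return "http-fallback"

def audit(export_text):
    """Map agent_id -> finding for every agent that is not HTTPS-only."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        verdict = classify(row["server_address"])
        if verdict != "ok":
            findings[row["agent_id"]] = verdict
    return findings

if __name__ == "__main__":
    for agent_id, verdict in audit(SAMPLE_EXPORT).items():
        print(f"{agent_id}: {verdict}")
```

Entries reported as `unparseable` deserve manual review rather than being assumed safe, since a bare hostname says nothing about which scheme the agent will use.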