On October 16, 2025, ConnectWise released version 2025.9 of its Automate™ platform to address two vulnerabilities affecting agent communication and update integrity.
ConnectWise Automate is a remote monitoring and management (RMM) platform used by managed service providers (MSPs) to automate IT tasks across distributed networks.
The flaws, tracked as CVE-2025-11492 and CVE-2025-11493, could allow a network-adjacent attacker to intercept and manipulate agent traffic, resulting in remote code execution on managed endpoints.
When combined, these flaws could enable an attacker in a privileged network position to intercept and replace legitimate update files with malicious ones. This can result in remote code execution on systems managed by ConnectWise Automate agents, particularly in on-premises deployments with insecure configurations.
To mitigate the risk, version 2025.9 enforces HTTPS for all agent communications and updates encryption methods. Cloud instances have already been updated to the latest Automate release.
These vulnerabilities primarily impact on-premises deployments where agents may be configured to use HTTP or lack proper file integrity validation.
Mitigation involves updating to Automate version 2025.9 and ensuring all agent communications are configured to use HTTPS.
Disabling HTTP fallback and enforcing Transport Layer Security version 1.2 are recommended to maintain secure channels.
Organizations operating on-premises Automate servers are advised to audit agent configurations and monitor for anomalous traffic patterns.
ConnectWise has published detailed guidance on its security bulletin page.