EXECUTIVE SUMMARY:
ConnectWise has released a security patch for its ScreenConnect remote access software to address a critical vulnerability, CVE-2025-3935, which affects versions up to 25.2.3 and stems from improper authentication. The flaw allows attackers to carry out ViewState code injection, potentially enabling remote code execution on vulnerable systems. The vulnerability carries a high-severity CVSS score of 8.1 and affects the ASP.NET Web Forms mechanism used to preserve page state. The issue arises from compromised machine keys, which attackers can use to craft malicious ViewState data. ConnectWise has rated the vulnerability Priority 1 (High) because of its exploitability and the public availability of machine keys. Cloud-based users are already protected, but on-premises users must upgrade to the latest version and check for signs of compromise before restoring services. The vulnerability follows previous critical flaws in ScreenConnect that have been exploited by threat actors, underlining the ongoing security risks facing remote access software.
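Because the root cause described above is a machine key that attackers already know, the settings worth auditing on an on-premises ASP.NET host are the machineKey element and ViewState MAC enforcement. The script below is an added illustration, not code from ConnectWise or from the cited report; it runs against a constructed web.config fragment and assumes only the standard ASP.NET configuration schema, not ScreenConnect's own file layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not ScreenConnect's real configuration). It uses a
# static, hard-coded machineKey: if such keys leak or are published, anyone holding
# them can produce ViewState that the server accepts as validly signed.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>
"""


def audit_machine_key(config_xml):
    """Return a list of findings about ViewState protection in a web.config."""
    root = ET.fromstring(config_xml)
    findings = []
    mk = root.find("./system.web/machineKey")
    if mk is not None:
        # A missing attribute falls back to ASP.NET's default of auto-generated,
        # per-application keys, which cannot be looked up from a public list.
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate,IsolateApps")
            if not value.startswith("AutoGenerate"):
                findings.append(f"static {attr}: rotate it if it may have been exposed")
        validation = mk.get("validation", "HMACSHA256").upper()
        if validation in ("MD5", "SHA1"):
            findings.append(f"weak validation algorithm {validation}: use HMACSHA256")
    pages = root.find("./system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append("enableViewStateMac=false: ViewState is not integrity-checked at all")
    return findings


if __name__ == "__main__":
    for finding in audit_machine_key(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
```

A clean result from this check does not prove the host was not compromised earlier; the page's advice to look for signs of compromise before restoring service still applies.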
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/screenconnect-vulnerability-malicious-code/