← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-3935 — Actively Exploited: ScreenConnect (ConnectWise)

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

CVE IDCVE-2025-3935
VendorConnectWise
ProductScreenConnect
Vulnerability nameConnectWise ScreenConnect Improper Authentication Vulnerability
Date added2025-06-02
Remediation due2025-06-23
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →