ConnectWise

ScreenConnect™ Certificate Signing Extension 1.0.12 Security Update

Date: 12/18/2025
Product(s): ConnectWise ScreenConnect
Severity: Moderate
Priority: 2 – Moderate

Summary

The ScreenConnect™ Certificate Signing Extension may include encrypted configuration values in responses sent to unauthenticated users. While these values remain encrypted and securely stored at rest, an encrypted representation could still be transmitted through client-facing components.

Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted configuration values from being transmitted to or rendered by client-side components.

Vulnerability

CVE-2025-14823

CWE ID: CWE-201
Description: Insertion of Sensitive Information Into Sent Data
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity

Moderate — Vulnerabilities whose impact is limited to a significant degree by mitigating factors such as version/configuration or detective controls, or that are otherwise difficult to exploit.

Priority 

2 Moderate — Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend updates be prioritized against normal change management timelines but no longer than 30 days.

Affected versions

ScreenConnect deployments using the Certificate Signing Extension versions prior to 1.0.12 are affected.

Remediation

Cloud
No action is required. ScreenConnect servers hosted in “screenconnect.com” cloud (standalone and Automate/RMM integrated) or “hostedrmm.com” for Automate partners have been updated to remediate the issue. 

On-prem
On-premises partners should ensure the Certificate Signing Extension is updated to version 1.0.12 or higher to address this issue and benefit from the latest security improvements.