ScreenConnect 25.2.4 Security Patch

04/24/2025
Products: ScreenConnect
Severity: Important
Priority: 1 - High

Summary  

ScreenConnect versions 25.2.3 and earlier may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state; the data is Base64-encoded and its integrity is protected by the server's machine keys. It is important to note that obtaining these machine keys requires privileged, system-level access to the server. If the machine keys are compromised, an attacker can craft a malicious ViewState that passes the integrity check, send it to the website, and potentially achieve remote code execution on the server. Our patch disables ViewState and removes any dependency on it.  

It is crucial to understand that this class of issue can affect any product that uses ASP.NET ViewState; ScreenConnect is not an outlier.
 

Vulnerability  

CVE-2025-3935

CWE ID     Description               Base Score   Vector
CWE-287    Improper Authentication   8.1          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Severity 

Important—Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so. 

 

Priority 

1 High—Vulnerabilities that are either being targeted or have higher risk of being targeted by exploits in the wild. Recommend installing updates as emergency changes or as soon as possible (e.g., within days).   

 

Affected versions  

ScreenConnect version 25.2.3 and earlier versions are impacted. 

 

Remediation  

Cloud 

No action is required. ScreenConnect servers hosted in “screenconnect.com” cloud (standalone and Automate/RMM integrated) or “hostedrmm.com” for Automate partners have been updated to remediate the issue.  

 

On-premises 

Please note there are some actions you need to take to apply this update:  

  • Navigate to your Administration/License page.  
  • Expand the Version Check box.  
  • If you are on 25.2.3 or an earlier version, you should install the latest build for your current version to receive the latest security updates. 
  • If your license is out of maintenance, you must upgrade your license before installing the latest supported release of ScreenConnect. 
  • Visit our Download page. Download the 25.2.4 version installation. 

On-premise: Active maintenance  

If you are on active maintenance, we strongly recommend upgrading to the current release of 25.2.4. Using the most current release of ScreenConnect includes security updates, bug fixes, and enhancements not found in older releases. 

On-premise: Off maintenance  

We recommend renewing maintenance and upgrading to the newest release, 25.2.4. Please see the above instructions for how to upgrade to the newest version of ScreenConnect and to check your maintenance status.   

If you elect not to renew maintenance, we have released free security patches for select older versions dating back to release 23.9. These builds can be downloaded from the ConnectWise download archive: https://screenconnect.com/download/archive . The patched releases have a publish date of April 22nd, 2025, or later. Partners on a version older than 23.9 may upgrade to 23.9 at no additional charge. 

 

How can partners protect themselves? 

There are many things that a partner can do to protect themselves. In this situation, the most important thing you can do is patch your instances immediately.  

As a reminder and as part of the remediation process for on-premises partners—whether you have patched your server or still need to—it is critical to assess your systems for signs of impact while upgrading and before bringing any systems back online. 

 

What actions can you take if you suspect you have been compromised? 

If you suspect that your ScreenConnect software may have been compromised, it is crucial to prioritize the security of your systems. Follow your established incident response procedures to isolate the affected servers and create backups for later analysis. Do not bring these servers back online until they have been thoroughly investigated, rebuilt, and updated with the latest patches. 
 
Keep in mind that a compromised ScreenConnect server may not be the sole point of entry. Your incident response plan should cover your entire system to detect and address any broader security vulnerabilities. 

If you have concerns about a potential compromise, please refer to the steps outlined in the Security alert checklist, which includes actions such as resetting passwords, reviewing the audit log, forcing all technicians to sign back in, and more. We also recommend reviewing the ScreenConnect security guide and best practices to enhance the security of your instance, and verifying that links, your account ID, and your domain are accurate.  
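To support the "assess your systems for signs of impact" step above, here is an added Python example (not ConnectWise code) that triages ASP.NET "Viewstate verification failed" events. It assumes the health-monitoring message layout that ASP.NET writes to the Windows Application log (Event ID 1316, event code 4009), including a "User host address" and a "Request path" field, and that the messages have been exported as text, for instance with `Get-WinEvent -LogName Application | Where-Object { $_.Id -eq 1316 } | Select-Object -ExpandProperty Message`. The sample records are constructed; the host name and addresses in them are placeholders.

```python
"""Triage ASP.NET ViewState MAC failures exported from the Application log.

Added example, not ConnectWise code. Assumed layout: ASP.NET health-monitoring
text (Event ID 1316 / event code 4009) with 'Request path' and
'User host address' lines. Sample records below are constructed.
"""
import re
from collections import Counter


def _sample_event(ip: str, path: str, ts: str) -> str:
    """Build one constructed 'Viewstate verification failed' message."""
    return (
        "Event code: 4009\n"
        "Event message: Viewstate verification failed. "
        "Reason: The viewstate supplied failed integrity check.\n"
        f"Event time: {ts}\n"
        "Request information:\n"
        f"    Request URL: https://support.example.com{path}\n"
        f"    Request path: {path}\n"
        f"    User host address: {ip}\n"
        "ViewStateException information:\n"
        "    Exception message: Invalid viewstate.\n"
    )


# Constructed sample: a burst of six failures from one address against /Host,
# one isolated failure from another address, and one unrelated event (code 3005).
SAMPLE_MESSAGES = [
    _sample_event("203.0.113.45", "/Host", f"4/23/2025 2:15:0{i} AM") for i in range(6)
]
SAMPLE_MESSAGES.append(_sample_event("198.51.100.7", "/Login", "4/23/2025 9:02:11 AM"))
SAMPLE_MESSAGES.append("Event code: 3005\nEvent message: An unhandled exception has occurred.\n")

# Only the fields needed for triage; one 'name: value' pair per line.
FIELD_RE = re.compile(
    r"^\s*(Event code|Request path|User host address):\s*(.+?)\s*$", re.MULTILINE
)


def parse_event(message: str):
    """Return {'ip', 'path'} for a ViewState MAC failure, or None for other events."""
    fields = dict(FIELD_RE.findall(message))
    if fields.get("Event code") != "4009":
        return None
    return {
        "ip": fields.get("User host address", "?"),
        "path": fields.get("Request path", "?"),
    }


def triage_viewstate_failures(messages, threshold: int = 5) -> dict:
    """Count MAC failures per client address and per request path.

    Addresses with at least `threshold` failures are flagged: repeated integrity
    failures from one source look like someone submitting ViewState signed
    with a wrong or guessed machine key.
    """
    per_ip, per_path, ignored = Counter(), Counter(), 0
    for message in messages:
        event = parse_event(message)
        if event is None:
            ignored += 1
            continue
        per_ip[event["ip"]] += 1
        per_path[event["path"]] += 1
    flagged = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return {
        "per_ip": dict(per_ip),
        "per_path": dict(per_path),
        "flagged": flagged,
        "ignored": ignored,
    }


if __name__ == "__main__":
    result = triage_viewstate_failures(SAMPLE_MESSAGES)
    for ip in result["flagged"]:
        print(f"review {ip}: {result['per_ip'][ip]} ViewState MAC failures")
    print("unrelated events skipped:", result["ignored"])
```

A burst of failures from one address is worth correlating with the ScreenConnect audit log and web server logs for that address. The absence of such events is not evidence that nothing happened: a ViewState forged with the real machine key passes the integrity check and generates no 1316 event at all, which is why the fix is to disable ViewState and rotate keys rather than to rely on this log.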

 

Frequently Asked Questions

All information about the vulnerability is posted on the ConnectWise Trust site: https://www.connectwise.com/company/trust/security-bulletins . Because of the sensitive nature of this vulnerability, we are not able to provide any more details or information. 


Our Security guide and Security alert checklist include instructions for resetting your passwords, reviewing the audit log, forcing all technicians to sign back in, and more.  

New versions of ScreenConnect can be downloaded from the ConnectWise website: https://www.screenconnect.com/download 

Once you have applied the patch, review the users with access to ScreenConnect, remove any you do not recognize, change passwords, and enable MFA.  

You can also review the new enhancements and features in the 2025.2 release notes. 

We have instructions in our documentation: Migrate to ScreenConnect Cloud from a Windows server - ConnectWise 

You can upgrade your on-premises server by following the instructions here: Upgrade to the latest version of ScreenConnect.

The upgrade path for on-premises installation is: 

Version 22.8 → 23.3 → 25.2.4 

Be sure to upgrade your access agents after every incremental upgrade.

Patched builds for select older versions dating back to release 23.9 can be downloaded from the ConnectWise website: https://screenconnect.com/download/archive . The patched releases have a publish date of April 22nd, 2025, or later.

Yes. ScreenConnect stopped supporting Linux for the server software on December 31, 2021 (and Mac servers two years before that), and there will be no further version updates for these systems. We strongly encourage all partners running the ScreenConnect server software on Linux either to migrate the instance to a Windows server, renew the license key if needed, and upgrade it there to the current version, 25.2.4, OR to migrate it to ScreenConnect cloud.

As a courtesy last year, ConnectWise offered 22.4 as a stable version for partners on an older version of ScreenConnect. We recommend renewing maintenance and upgrading to the newest release, 25.2.4.  
 
If you elect not to renew maintenance, we have released the security patch for this issue for select older versions dating back to release 23.9. These builds can be downloaded from the ConnectWise website: https://screenconnect.com/download/archive . The patched releases have a publish date of April 22nd, 2025, or later. 


We strongly advise that all partners upgrade to a patched version of ScreenConnect. If you are unable to patch immediately, Microsoft provides mitigation recommendations in this article: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ .  
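As an added example (not ConnectWise code, and not a description of how the 25.2.4 patch itself disables ViewState), the following Python audits an ASP.NET web.config for the settings that matter for this class of attack: whether ViewState is enabled, whether its integrity check is enforced, and whether the machineKey is a static value that would be worth forging against if it ever leaked. The element and attribute names are the standard ASP.NET `<pages>` and `<machineKey>` ones; the weak and hardened configurations are constructed for illustration and contain no real keys.

```python
"""Audit an ASP.NET web.config for ViewState-related risk settings.

Added example, not ConnectWise code. Uses the standard ASP.NET schema:
<pages enableViewState=... enableViewStateMac=...> and
<machineKey validationKey=... decryptionKey=... validation=... decryption=...>.
Both configuration strings below are constructed; the key values are filler.
"""
import xml.etree.ElementTree as ET

# Constructed weak configuration: ViewState on, MAC explicitly off, static
# (and therefore leakable) keys, and a SHA1 validation algorithm.
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewState="true" enableViewStateMac="false" />
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed hardened configuration: ViewState off, MAC enforced, keys
# auto-generated per application, HMACSHA256 validation.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewState="false" enableViewStateMac="true" />
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

WEAK_VALIDATION_ALGORITHMS = {"MD5", "SHA1", "3DES"}


def audit_viewstate_config(config_xml: str) -> list[str]:
    """Return a list of findings; an empty list means no weak setting was found."""
    findings = []
    root = ET.fromstring(config_xml)
    system_web = root.find("system.web")
    if system_web is None:
        return ["no <system.web> section found; cannot assess ViewState settings"]

    # ASP.NET defaults when the attribute is absent: both are "true".
    pages = system_web.find("pages")
    enable_vs = (pages.get("enableViewState", "true") if pages is not None else "true").lower()
    enable_mac = (pages.get("enableViewStateMac", "true") if pages is not None else "true").lower()
    if enable_vs != "false":
        findings.append("ViewState is enabled: a ViewState forged with the machine key is accepted")
    if enable_mac == "false":
        findings.append("enableViewStateMac=false: ViewState integrity is not checked at all")

    machine_key = system_web.find("machineKey")
    if machine_key is None:
        findings.append("no <machineKey>: keys come from machine.config or are auto-generated; verify they are not shared or public")
    else:
        for attr in ("validationKey", "decryptionKey"):
            value = machine_key.get(attr, "AutoGenerate")
            if not value.startswith("AutoGenerate"):
                findings.append(f"static {attr} in web.config: rotate it if it may have been exposed")
        validation = machine_key.get("validation", "HMACSHA256").upper()
        if validation in WEAK_VALIDATION_ALGORITHMS:
            findings.append(f"weak validation algorithm {validation}: use HMACSHA256 or stronger")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_viewstate_config(cfg) or ["no findings"])
```

To run it against a live server, pass the contents of the application's web.config (for a default Windows install the assumed path is C:\Program Files (x86)\ScreenConnect\web.config) to `audit_viewstate_config`. A clean result only shows that the file sets no weak values; it does not prove that auto-generated or machine.config keys were never exposed, and it is not a substitute for installing 25.2.4.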

To ensure you’re contacted about important security updates, please set rules that allow ConnectWise communication to hit your primary inbox – add no-reply@connectwise.com to your safe sender list to ensure these important communications are delivered to your inbox. 

To receive security bulletins as they’re posted, we also recommend using the ConnectWise Trust RSS feed. 

The vulnerability addressed in version 25.2.4 is server-side and does not directly impact agent (client) components. As such, unpatched agents do not introduce additional risk related to this vulnerability.

However, we strongly recommend updating agents to the latest available version to ensure compatibility, access to recent security enhancements, and the benefit of ongoing performance improvements and bug fixes.

 

We use the following criteria to assign priority and severity to each bulletin.

[Severity and priority criteria table: image not included in this copy; the definitions used in this bulletin appear under Severity and Priority above.]