CISA warns of ConnectWise ScreenConnect bug exploited in attacks

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server.

The agency is warning that four other security problems affecting ASUS routers and the Craft content management system (CMS) are also actively exploited.

Improper authentication in ConnectWise ScreenConnect

On April 24, ConnectWise addressed the security issue, tracked as CVE-2025-3935, stating that the vulnerability could be exploited for a ViewState code injection attack.

The vendor notes that ASP.NET Web Forms rely on the ViewState component to preserve page and control state using base64-encoded data that is protected by machine keys.

If an attacker with privileged access compromises the machine keys, they coul

See Full Page

1490

Interests (0)

Settings

CISA warns of ConnectWise ScreenConnect bug exploited in attacks

Midea recalling 1.7 million of its popular air conditioners due to mold concern

Justice Department says Kilmar Abrego Garcia has been returned to the U.S. after indictment on human smuggling charges

Predator: Killer of Killers First Reviews: “Every Predator Fan’s Dream Come True”

Why Trump probably can’t cut Musk loose

Watch: Novak Djokovic and Jannik Sinner Play Point of the Year at French Open

Nations League Portugal-Spain is not Ronaldo vs. Yamal

Elon Musk pulls back on threat to withdraw Dragon spacecraft