SecurityWeek

ConnectWise Patches Critical Flaw in Automate RMM Tool

Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations.

ConnectWise has rolled out patches for two vulnerabilities in the Automate remote monitoring and management (RMM) tool that could allow attackers to perform man-in-the-middle (MiTM) attacks.

Automate is an RMM tool for enterprises and managed service providers (MSPs) that allows organizations to identify, monitor, and manage all connected devices on a network.

Last week, ConnectWise released Automate version 2025.9 with patches for CVE-2025-11492 (CVSS score of 9.6), a critical-severity bug that allows attackers to intercept sensitive information transmitted in cleartext.

Additionally, the company warned of a high-severity flaw in the RMM software, tracked as CVE-2025-11493 (CVSS score of 8.8), and described as the lack of integrity checks when downloading code.

These vulnerabilities, ConnectWise says, “could expose agent communications and updates to interception or tampering if certain configurations are used.”

Essentially, because agents deployed on premises may be configured to use HTTP or encryption, an attacker with access to the network could view or modify traffic, the company says.

A threat actor performing an MiTM attack could also replace updates with malicious ones, the company warns.

“Automate 2025.9 patch enforces HTTPS for all agent communications to mitigate these risks. Partners running on-prem servers should also ensure TLS 1.2 is enforced to maintain secure communications,” ConnectWise says.

The company has rated the vulnerabilities as ‘important’, as they could lead to data compromise but require additional access for successful exploitation.

However, it has also assigned them a ‘moderate’ priority, which it typically gives to security defects “that are either being targeted or have higher risk of being targeted by exploits in the wild.”

All organizations using on-premises ConnectWise Automate deployments are advised to update their installations as soon as possible.
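
The two weakness classes described above (cleartext transport and downloads without integrity checks) can be closed on the client side as in the following added example, which is not ConnectWise's code and is not taken from its advisory. It assumes the expected SHA-256 digest is obtained over a separate trusted channel; the function names are hypothetical.

```python
import hashlib
import hmac
import ssl
import urllib.request
from urllib.parse import urlsplit


class UpdatePolicyError(Exception):
    """An update source or payload failed a transport or integrity check."""


def require_https(url: str) -> str:
    """Return url unchanged if it is an https:// URL with a host, else raise."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise UpdatePolicyError(f"refusing non-HTTPS update source: {url!r}")
    return url


def tls12_client_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and hostname
    and refuses to negotiate anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verify_payload(payload: bytes, expected_sha256_hex: str) -> bytes:
    """Return payload only if its SHA-256 matches the pinned digest."""
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256_hex.strip().lower()):
        raise UpdatePolicyError("update payload does not match expected digest")
    return payload


def fetch_update(url: str, expected_sha256_hex: str, timeout: float = 10.0) -> bytes:
    """Download an update over verified TLS 1.2+ and check it before use."""
    require_https(url)
    ctx = tls12_client_context()
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        # urllib follows redirects, including ones that downgrade to http://,
        # so the URL that actually served the body is checked as well.
        require_https(resp.geturl())
        payload = resp.read()
    return verify_payload(payload, expected_sha256_hex)
```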

Written By

Ionut Arghire is an international correspondent for SecurityWeek.