Malware

ScreenConnect Security Flaw Let Attackers Bypass Authentication

In a critical security advisory, ConnectWise has alerted users of its ScreenConnect remote access software to patch their systems immediately due to two severe vulnerabilities discovered in versions 23.9.7 and earlier. These vulnerabilities, identified as CWE-288 and CWE–22, allow for authentication...

S ShomoySoft Editorial
· Aug 05, 2025 · 3 min read · 👁 3 views
ScreenConnect Security Flaw Let Attackers Bypass Authentication

In a critical security advisory, ConnectWise has alerted users of its ScreenConnect remote access software to patch their systems immediately due to two severe vulnerabilities discovered in versions 23.9.7 and earlier.

These vulnerabilities, identified as CWE-288 and CWE22, allow for authentication bypass and path traversal, posing a significant risk to the integrity and security of affected systems.

Document

Try ANY.RUN Yourself with a 14-day Free Trial

ScreenConnect Security Flaw

The first vulnerability,CWE-288, enables attackers to bypass authentication mechanisms using an alternate path or channel, receiving the highest severity score of 10.

This flaw could allow unauthorized access to the system, potentially leading to further exploitation.

The second vulnerability, CWE-22, involves improper limitation of a pathname to a restricted directory, known as ‘path traversal,’ with a base score of 8.4.

This issue could allow attackers to access files or directories outside the specified location, compromising the system’s security.

ScreenConnect is widely used for remote access by organizations globally, making these vulnerabilities particularly concerning due to the potential for attackers to exploit vulnerable instances and push ransomware or other malicious payloads to downstream clients.

This risk is especially acute for managed service providers (MSPs) or managed security services providers (MSSPs) who use ScreenConnect to manage client environments remotely.

Shodan has reported that over 7,900 servers that are connected are running versions of ScreenConnect that are vulnerable.

Image

Mitigation and Response

ConnectWise has taken immediate action to address these vulnerabilities by releasing version 23.9.8 of ScreenConnect, which patches these critical security flaws.

Cloud users of ScreenConnect do not need to take any action, as cloud instances have been automatically updated to the latest secure version.

However, on-premise users are strongly urged to update their servers to version 23.9.8 immediately to mitigate the risks posed by these vulnerabilities.

Security researchers at Huntress and Rapid7 have echoed the urgency of applying these patches, with Huntress successfully creating and validating a proof-of-concept exploit for the vulnerabilities.

Over 8,800 servers were reported as running a vulnerable version, highlighting the widespread potential impact.

Indicators of compromise

IOCs:

  • 155.133.5.15

  • 155.133.5.14

  • 118.69.65.60

Source: CybersecurityNews.com

Tags: #Ransomware #Malware #Vulnerability #Zero-Day #Exploit #Cloud Security
Follow ShomoySoft for more: Follow on Facebook

💬 Comments (0)

Login to join the discussion.

No comments yet. Be the first!

Related Articles

Recommended for you