ConnectWise ScreenConnect Server Untrusted Extension Execution Vulnerability

Vulnerability

A vulnerability in ConnectWise ScreenConnect server versions prior to 25.8 allows authorized or administrative users to install and execute untrusted or arbitrary extensions. The root cause is inadequate server-side validation and integrity checking in the extension subsystem: the server does not sufficiently verify an extension before loading it. Successful exploitation can lead to execution of custom code on the server or unauthorized access to application configuration data. Because exploitation requires an account that is permitted to install extensions, compromised or malicious privileged accounts are the relevant threat. Only the ScreenConnect server component is affected; host and guest clients are not.

Impact

Successful exploitation results in execution of unauthorized custom code on the ScreenConnect server, or unauthorized access to application configuration data.

Remediation

Users with ScreenConnect on-premises installations should upgrade the server to version 25.8 and update guest clients to the same version so they stay in step with the server. ScreenConnect partners can download the update from the ScreenConnect order page. Partners running an on-premises ScreenConnect installation integrated with ConnectWise Automate must follow additional steps to ensure a smooth upgrade.
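The practical check for this advisory is whether a given server build is older than 25.8. The following is an added example, not ConnectWise code and not part of the original advisory, that compares version strings numerically rather than lexically (so that 25.10 is treated as newer than 25.8, which a plain string comparison gets wrong) and triages a fleet inventory. The hostnames and version strings in the inventory are constructed sample data, and the handling of a "-" or "+" build suffix is the example's own assumption about possible formats, not something the advisory specifies.

```python
import re
from typing import Dict, Tuple

# Fixed version per the advisory: 25.8. Anything numerically older is affected.
FIXED_VERSION: Tuple[int, ...] = (25, 8)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '25.7.12.9345' into a tuple of ints.

    Build metadata after a '-' or '+' is dropped (an assumption about possible
    formats, not something the advisory specifies). Raises ValueError on input
    that is not a dotted numeric version, so bad inventory data is not silently
    classified as patched.
    """
    core = re.split(r"[-+]", version.strip(), maxsplit=1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(version: str) -> bool:
    """True if the ScreenConnect server version is older than 25.8.

    Tuple comparison is component-wise: (25, 7, 12, 9345) < (25, 8) because
    7 < 8, while (25, 8, 0, 1) is not less than (25, 8) and so counts as fixed.
    """
    return parse_version(version) < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify each server as 'VULNERABLE', 'patched' or 'unparseable'."""
    result: Dict[str, str] = {}
    for host, version in inventory.items():
        try:
            result[host] = "VULNERABLE" if is_vulnerable(version) else "patched"
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY: Dict[str, str] = {
    "sc-prod-01": "25.7.12.9345",
    "sc-prod-02": "25.8.0.1",
    "sc-lab-01": "25.10.1",
    "sc-legacy": "24.1.2.9000",
    "sc-unknown": "unknown",
}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {SAMPLE_INVENTORY[host]:14s} {status}")
```

Feed it the version string each installation reports for itself; the numeric comparison matters because a lexical comparison would rank "25.10.1" below "25.8" and flag a patched server as vulnerable, while the "unparseable" bucket keeps malformed inventory entries from being quietly counted as fixed.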

Added: Dec 11, 2025, 3:18 PM
Updated: Dec 11, 2025, 3:18 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 7.5
exploitability: 5.0
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined to calculate the overall risk score.