CVE-2025-3935 · HIGH 7.2 · CISA KEV · EPSS p87.1%

CVE-2025-3935: ConnectWise ScreenConnect Improper Authentication Vulnerability

ConnectWise / ScreenConnect

Description

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

Scoring

CVSS 3.1: 7.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.35% probability of exploitation · percentile 87.1% · 2026-06-19T12:03:05Z
Published: 2025-04-25
Last modified: 2025-10-24

CISA KEV entry

Added to KEV: 2025-06-02

Underlying weaknesses · 1

CWE-502

References

  1. https://www.connectwise.com/company/trust/advisories
  2. https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3935

1

Type: Weakness
Target: Deserialization of Untrusted Data (cwe-502)
Confidence: 0%
Tier: live

(incoming) · 1

Type: KEVEntry
Target: ConnectWise ScreenConnect Improper Authentication Vulnerability (kev-cve-2025-3935)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · ConnectWise ScreenConnect Authentication Bypass Vulnerability
CVE · ConnectWise ScreenConnect Path Traversal Vulnerability
CVE · CVE-2026-3564
CVE · Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
CVE · CVE-2025-21297
CVE · CVE-2025-22467

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.