CVE-2023-25718

Published: Feb 13, 2023

Modified: Jun 19, 2025

PUBLISHED

Description

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/

https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures

https://m.youtube.com/watch?v=fbNVUgmstSc&pp=0gcJCf0Ao7VqN5tD

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-25718

Description

Affected Products

References