CVE-2025-11492 - Vulnerability Details - OpenCVE

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Connectwise	Automate

No data.

No data.

References

Link	Providers
https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix

History

Mon, 20 Oct 2025 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Connectwise Connectwise automate
Vendors & Products		Connectwise Connectwise automate

Thu, 16 Oct 2025 19:15:00 +0000

Type	Values Removed	Values Added
Description		In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications.
Title		HTTP Configuration and Encryption in Transit
Weaknesses		CWE-319
References		https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ConnectWise

Published: 2025-10-16T18:59:35.285Z

Updated: 2025-10-17T03:55:31.431Z

Reserved: 2025-10-08T11:25:59.180Z

Link: CVE-2025-11492

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-16T19:15:31.900

Modified: 2025-10-21T19:31:50.020

Link: CVE-2025-11492

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11492", "assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49", "state": "PUBLISHED", "assignerShortName": "ConnectWise", "dateReserved": "2025-10-08T11:25:59.180Z", "datePublished": "2025-10-16T18:59:35.285Z", "dateUpdated": "2025-10-17T03:55:31.431Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Agent"], "product": "Automate", "vendor": "ConnectWise", "versions": [{"status": "affected", "version": "All versions prior to 2025.9"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications.<br><br><div><div><div>\n\n</div>\n\n</div>\n\n</div>"}], "value": "In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications."}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49", "shortName": "ConnectWise", "dateUpdated": "2025-10-16T18:59:35.285Z"}, "references": [{"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><b>Cloud: </b>Cloud instances have already been updated to the latest\nAutomate release.   </p>\n\n\n\n\n\n<p><b>On-premise: </b>Apply the 2025.9\nrelease.</p>\n\n\n\n\n\n\n\n<br>"}], "value": "Cloud:\u00a0Cloud instances have already been updated to the latest\nAutomate release. \u00a0\u00a0\n\n\n\n\n\n\n\nOn-premise:\u00a0Apply the 2025.9\nrelease."}], "source": {"discovery": "UNKNOWN"}, "title": "HTTP Configuration and Encryption in Transit", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-16T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-11492"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T03:55:31.431Z"}}]}}