CVE-2025-14265

Published Dec 11, 2025

Last updated 2 months ago

CVSS critical 9.1

Overview

Description
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.
Source
7d616e1a-3288-43b1-a0dd-0a65d3e70a49
NVD status
Analyzed
Products
screenconnect

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

7d616e1a-3288-43b1-a0dd-0a65d3e70a49
CWE-494

Social media

Hype score
Not currently trending

  1. Vulnerabilidad crítica en ScreenConnect expone datos de configuración CVE-2025-14265 ConnectWise ha publicado una actualización de seguridad para ScreenConnect™ para abordar una vulnerabilidad crítica https://t.co/i9beRqpCxH https://t.co/iBu8CuENiE

    @elhackernet

    16 Dec 2025

    2711 Impressions

    8 Retweets

    25 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-14265: Download of Code Without Integrity Check in ScreenConnect, 9.1 rating 🔥 A server-side vulnerability could allow an authenticated attacker to execute custom code or access configuration data. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/gQI8mjmTb

    @Netlas_io

    16 Dec 2025

    1698 Impressions

    3 Retweets

    25 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  3. 🚨🚨CVE-2025-14265 (CVSS 9.1): Extension Vulnerability in ScreenConnect Server Authenticated admins can install/run arbitrary extensions due to weak server-side validation → server-side code execution or config theft. Server-only impact (clients safe). Search by vul.cve ht

    @zoomeye_team

    16 Dec 2025

    2463 Impressions

    9 Retweets

    38 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-14265: CRITICAL] ScreenConnect™ prior to version 25.8 had security vulnerabilities allowing unauthorized installation of extensions. Update to version 25.8 for enhanced security measures.#cve,CVE-2025-14265,#cybersecurity https://t.co/c58NkvWKGA https://t.co/JzdKKqmvG

    @CveFindCom

    11 Dec 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components.CVE-2025-14823
  2. ConnectWise ScreenConnect Improper Authentication VulnerabilityCVE-2025-3935
  3. ConnectWise ScreenConnect Authentication Bypass VulnerabilityCVE-2024-1709
  4. ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. CVE-2024-1708

References

Sources include official advisories and independent security research.