AI description
CVE-2025-3935 affects ScreenConnect versions 25.2.3 and earlier. It is a ViewState code injection vulnerability in ASP.NET Web Forms. The ViewState feature is used to preserve the state of pages and controls, with data encoded in Base64 and protected by machine keys. If an attacker gains privileged system-level access and compromises these machine keys, they could create and send malicious ViewState data to the website. This could potentially lead to remote code execution on the server. ScreenConnect version 25.2.4 disables ViewState to remove any dependency on it.
- Description
- ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.
- Source
- 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
- CWE-287
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
37
🚨 ConnectWise ScreenConnect breach update: @Mandiant probes nation-state attack via CVE-2025-3935 (CVSS 8.1). No new activity, but IT tools are at risk. Patch now! 🔒 @ConnectWise @TheHackersNews #Cybersecurity #InfoSec #ConnectWise
@rajeshgunakala
31 May 2025
40 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-3935: ConnectWise ScreenConnect Vulnerability FOFA query FOFA Link: https://t.co/yyGjefqLAi FOFA Query: app="ScreenConnect-Remote-Support-Software" 445,409 results https://t.co/hOPKgIG29k
@DarkWebInformer
31 May 2025
10774 Impressions
17 Retweets
114 Likes
49 Bookmarks
2 Replies
0 Quotes
ConnectWise、国家支援によるハッキングの疑いを公表(CVE-2025-3935) https://t.co/bCfBBHvY85 #Security #セキュリティ #ニュース
@SecureShield_
31 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Nation-State hackers hijack ScreenConnect flaw in a targeted ConnectWise breach. This supply chain attack turns remote access tool into cyber weapon. The Attack Chain: 1️⃣ Entry Point: Exploitation of CVE-2025-3935 (CVSS 8.1) – a high-severity ViewState code injection
@cytexsmb
30 May 2025
289 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
2 Quotes
ConnectWise reports a breach linked to a suspected nation-state actor exploiting CVE-2025-3935 via ScreenConnect. Affected customers are working with Mandiant & law enforcement. Critical patch issued. 🛡️ #CyberAttack #USA #Security https://t.co/UNESTWGKgN
@TweetThreatNews
30 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ConnectWise Discloses Suspected State-Sponsored Hack - CVE-2025-3935 - https://t.co/5WjQMbN3w8
@SecurityWeek
30 May 2025
1506 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/1dXxpjLkKz 🚨ScreenConnect Alert🚨CVE-2025-3935 exposes systems to a dangerous https://t.co/qsOziXctBq ViewState code injection flaw. Attackers with privileged access can grab machine keys, forge malicious View
@zoomeye_team
30 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ConnectWise confirms a targeted cyberattack on its environment—likely tied to a nation-state actor. Just weeks after patching CVE-2025-3935, suspicious activity hit a small group of customers. Stay ALERT | Read details: https://t.co/vh8HBvefFw
@TheHackersNews
30 May 2025
9135 Impressions
12 Retweets
31 Likes
7 Bookmarks
2 Replies
0 Quotes
🚨Alert🚨CVE-2025-3935 : ScreenConnect may be susceptible to a ViewState code injection attack. 📊 289K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/HDpgzOlw2x 👇Query HUNTER : https://t.co/q9rtuGgxk7="ConnectWise ScreenConnect so
@HunterMapping
30 May 2025
1329 Impressions
3 Retweets
7 Likes
3 Bookmarks
1 Reply
0 Quotes
ConnectWise detected a nation-state linked cyberattack on some ScreenConnect cloud instances, exploiting CVE-2025-3935 and possibly stealing system keys for remote code execution. Patch issued promptly. 🚨 #CyberAttack #Mandiant #USA https://t.co/KWD5x5pJO4
@TweetThreatNews
29 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent: Critical vulnerability CVE-2025-3935 in ScreenConnect allows remote code execution. Update to version 25.2.4 immediately to secure your systems. #CyberSecurity #ScreenConnect #UpdateNow https://t.co/7Vpja0axLF
@dailytechonx
26 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: ConnectWise ScreenConnect ViewState RCE Vulnerability 📅 Timeline: Disclosure: 2025-04-25, Patch: 2025-04-26 🆔cveId: [CVE-2025-3935] 📊baseScore: [8.1] 📏cvssMetrics: [AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H] cvssSeverity: High 🟠
@syedaquib77
26 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes