AI description
CVE-2025-3935 affects ScreenConnect versions 25.2.3 and earlier. It is a ViewState code injection vulnerability in ASP.NET Web Forms. The ViewState feature is used to preserve the state of pages and controls, with data encoded in Base64 and protected by machine keys. If an attacker gains privileged system-level access and compromises these machine keys, they could create and send malicious ViewState data to the website. This could potentially lead to remote code execution on the server. ScreenConnect version 25.2.4 disables ViewState to remove any dependency on it.
- Description
- ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.
- Source
- 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- ConnectWise ScreenConnect Improper Authentication Vulnerability
- Exploit added on
- Jun 2, 2025
- Exploit action due
- Jun 23, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
- CWE-287
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-3935
@transilienceai
15 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3935
@transilienceai
15 Jun 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3935
@transilienceai
14 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3935
@transilienceai
13 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 On May 28, ConnectWise disclosed “suspicious activity” tied to a nation-state actor, affecting a few ScreenConnect users. The flaw (CVE-2025-3935, CVSS 7.2) was patched Apr 24. CISA added it to KEV on Jun 2. Timeline of exploitation remains unclear. #cybersecurity #infos
@cyber_sec_raj
7 Jun 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Heads up, ScreenConnect users: #ConnectWise confirmed a cyberattack linked to a critical vulnerability (CVE-2025-3935). Update to version 25.2.4 ASAP if you haven’t already. More info 👉 https://t.co/VzXXKIvNOc #CyberSecurity https://t.co/VzXXKIvNOc
@ironcladtekinc
6 Jun 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🗞️ CISA Issues Urgent Alert on Exploited ConnectWise ScreenConnect Vulnerability CISA warns of active exploitation of a ConnectWise ScreenConnect vulnerability, CVE-2025-3935, which allows remote code execution on vulnerable servers. Federal agencies and users are urged to
@gossy_84
4 Jun 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent Security Alert: CVE-2025-3935 vulnerability found in ConnectWise ScreenConnect. This issue stems from https://t.co/GSpAPtEicL potentially affecting other apps on this framework if not properly secured. At Helient Technologies, your security is our priority, and we are
@Helient
4 Jun 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent Security Alert: CVE-2025-3935 vulnerability found in ConnectWise ScreenConnect. This issue stems from https://t.co/IcbA1rgf4I potentially affecting other apps on this framework if not properly secured. At Helient Technologies, your security is our priority, and we are
@Helient
4 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns U.S. agencies about hackers exploiting a patched ScreenConnect vulnerability, CVE-2025-3935, for remote code execution, alongside active exploits affecting ASUS routers and Craft CMS. #Security https://t.co/e9RhajzoMG
@Strivehawk
3 Jun 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Issues Urgent Warning on ConnectWise Vulnerabilities! CISA has flagged active exploitation of a ConnectWise ScreenConnect flaw (CVE-2025-3935), enabling remote code execution via ViewState code injection. Patched in April 2025, this vulnerability has hit a small number of
@tony3266
3 Jun 2025
109 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA warns of hackers exploiting the CVE-2025-3935 flaw in ScreenConnect for remote code execution. Active attacks also target ASUS routers and Craft CMS, with some linked to state-sponsored activities. 🚨 #SecurityUpdate #US #Vulnerabilities https://t.co/bWyaBGqf7r
@TweetThreatNews
3 Jun 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: CVE-2025-3935 – A critical ConnectWise ScreenConnect vulnerability is being actively exploited for RCE via ViewState injection.Patch now to v25.2.4. #ThreatIntel #RedLeggCTI #ConnectWise https://t.co/Wxge72guZy
@RedLegg
2 Jun 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ConnectWise was breached by a nation-state actor, targeting ScreenConnect customers. The attack exploited CVE-2025-3935, prompting patches and enhanced security measures. https://t.co/TpD4hPEXc2
@Teemu_Tiainen
1 Jun 2025
66 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-3935 2 - CVE-2024-29269 3 - CVE-2024-29847 4 - CVE-2025-30397 5 - CVE-2025-37752 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Jun 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today in #InfoSec, that's not a Cobra in a knitted cap Mandiant is chasing, CVE-2025-3935 was exploited in ConnectWise by APT snakes from multiple countries. Multiple breaches at LexisNexis, Adidas, Roblox, Facebook & Instagram have gone more viral than cute kids singing Disn
@AndyMicone
31 May 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ConnectWise ScreenConnect breach update: @Mandiant probes nation-state attack via CVE-2025-3935 (CVSS 8.1). No new activity, but IT tools are at risk. Patch now! 🔒 @ConnectWise @TheHackersNews #Cybersecurity #InfoSec #ConnectWise
@rajeshgunakala
31 May 2025
40 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-3935: ConnectWise ScreenConnect Vulnerability FOFA query FOFA Link: https://t.co/yyGjefqLAi FOFA Query: app="ScreenConnect-Remote-Support-Software" 445,409 results https://t.co/hOPKgIG29k
@DarkWebInformer
31 May 2025
10774 Impressions
17 Retweets
114 Likes
49 Bookmarks
2 Replies
0 Quotes
ConnectWise、国家支援によるハッキングの疑いを公表(CVE-2025-3935) https://t.co/bCfBBHvY85 #Security #セキュリティ #ニュース
@SecureShield_
31 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Nation-State hackers hijack ScreenConnect flaw in a targeted ConnectWise breach. This supply chain attack turns remote access tool into cyber weapon. The Attack Chain: 1️⃣ Entry Point: Exploitation of CVE-2025-3935 (CVSS 8.1) – a high-severity ViewState code injection
@cytexsmb
30 May 2025
289 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
2 Quotes
ConnectWise reports a breach linked to a suspected nation-state actor exploiting CVE-2025-3935 via ScreenConnect. Affected customers are working with Mandiant & law enforcement. Critical patch issued. 🛡️ #CyberAttack #USA #Security https://t.co/UNESTWGKgN
@TweetThreatNews
30 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ConnectWise Discloses Suspected State-Sponsored Hack - CVE-2025-3935 - https://t.co/5WjQMbN3w8
@SecurityWeek
30 May 2025
1506 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/1dXxpjLkKz 🚨ScreenConnect Alert🚨CVE-2025-3935 exposes systems to a dangerous https://t.co/qsOziXctBq ViewState code injection flaw. Attackers with privileged access can grab machine keys, forge malicious View
@zoomeye_team
30 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ConnectWise confirms a targeted cyberattack on its environment—likely tied to a nation-state actor. Just weeks after patching CVE-2025-3935, suspicious activity hit a small group of customers. Stay ALERT | Read details: https://t.co/vh8HBvefFw
@TheHackersNews
30 May 2025
9135 Impressions
12 Retweets
31 Likes
7 Bookmarks
2 Replies
0 Quotes
🚨Alert🚨CVE-2025-3935 : ScreenConnect may be susceptible to a ViewState code injection attack. 📊 289K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/HDpgzOlw2x 👇Query HUNTER : https://t.co/q9rtuGgxk7="ConnectWise ScreenConnect so
@HunterMapping
30 May 2025
1329 Impressions
3 Retweets
7 Likes
3 Bookmarks
1 Reply
0 Quotes
ConnectWise detected a nation-state linked cyberattack on some ScreenConnect cloud instances, exploiting CVE-2025-3935 and possibly stealing system keys for remote code execution. Patch issued promptly. 🚨 #CyberAttack #Mandiant #USA https://t.co/KWD5x5pJO4
@TweetThreatNews
29 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent: Critical vulnerability CVE-2025-3935 in ScreenConnect allows remote code execution. Update to version 25.2.4 immediately to secure your systems. #CyberSecurity #ScreenConnect #UpdateNow https://t.co/7Vpja0axLF
@dailytechonx
26 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: ConnectWise ScreenConnect ViewState RCE Vulnerability 📅 Timeline: Disclosure: 2025-04-25, Patch: 2025-04-26 🆔cveId: [CVE-2025-3935] 📊baseScore: [8.1] 📏cvssMetrics: [AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H] cvssSeverity: High 🟠
@syedaquib77
26 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "552C1CC0-4F75-4C28-ACEF-EF1C1AD50EC2",
"versionEndExcluding": "25.2.4"
}
],
"operator": "OR"
}
]
}
]