Article Details

CISA warns of ConnectWise ScreenConnect bug exploited in attacks. CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. The agency is warning that four other security problems affecting ASUS routers and the Craft content management system (CMS) are also actively exploited. Improper authentication in ConnectWise ScreenConnect On April 24, ConnectWise addressed the security issue, tracked as CVE-2025-3935, stating that the vulnerability could be exploited for a ViewState code injection attack. The vendor notes that ASP.NET Web Forms rely on the ViewState component to preserve page and control state using base64-encoded data that is protected by machine keys. If an attacker with privileged access compromises the machine keys, they could trigger remote code execution on the server through malicious payloads. Following the recent ConnectWise breach, suspected to be a state-sponsored operation, some customers said that the incident may be linked to CVE-2025-3935. However, ConnectWise has not commented on the attack method or the nature of the compromise. Multiple reports state that ConnectWise found “a very small number of ScreenConnect customers” to be affected. Critical bugs in ASUS and Craft CMS In an alert this week, CISA also warns of threat actors exploiting four vulnerabilities, two of them critical, in ASUS routers and Craft CMS: The flaw affecting ASUS RT-AX55 devices has been exploited over the past months in stealthy attacks from what appears to be “a well-resourced and highly capable adversary.” In a report last week, cybersecurity platform GreyNoise says that hackers have chained the CVE-2023-39780 vulnerability with authentication bypass techniques that do not have a CVE assigned to form a botnet called AyySSHush. CISA added the five security problems to its Known Exploited Vulnerabilities (KEV) Catalog and expects federal agencies to implement the vendor-recommended mitigations or discontinue using the affected products by June 23. or to stop using the affected products by June 23. Why IT teams are ditching manual patch management Manual patching is outdated. It's slow, error-prone, and tough to scale. Join Kandji + Tines on June 4 to see why old methods fall short. See real-world examples of how modern teams use automation to patch faster, cut risk, stay compliant, and skip the complex scripts.