CVE-2025-14823
Information Exposure via ScreenConnect Certificate Signing Extension Endpoint

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: ConnectWise

Description
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values, including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components.
Meta Information
Published: 2025-12-18
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: connectwise
Product: screenconnect
Version / Range: 1.0.12
CWE ID and Description
CWE-201: The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the ScreenConnect™ Certificate Signing Extension allows encrypted configuration values, including an Azure Key Vault-related key, to be returned to unauthenticated users through a client-facing endpoint under certain conditions. Although the values remain encrypted and securely stored at rest, their encrypted representations could be exposed in client responses. The issue occurs because configuration handling was not exclusively server-side in versions prior to 1.0.12. Updating to version 1.0.12 or higher prevents these encrypted values from being transmitted or rendered by client-side components. [1]


How can this vulnerability impact me?

The vulnerability could expose encrypted configuration data to unauthenticated users, potentially leaking sensitive information in encrypted form. While the data remains encrypted and secure at rest, the exposure of encrypted values could aid attackers in reconnaissance or further attacks. The CVSS score of 5.3 indicates moderate severity, with a network attack vector and low complexity. The impact is primarily on confidentiality, with no direct impact on integrity or availability. On-premises deployments need to update to version 1.0.12 or later to mitigate this risk. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves identifying if your deployment is using a vulnerable version of the ScreenConnect Certificate Signing Extension prior to version 1.0.12. Since the vulnerability causes encrypted configuration values to be returned to unauthenticated users via a client-facing endpoint, you can attempt to access the client-facing endpoint and inspect responses for the presence of encrypted configuration data. Specific commands are not provided in the resources, but you may use network traffic inspection tools (e.g., curl or wget) to send requests to the client-facing endpoint and analyze the responses for encrypted configuration values. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the ScreenConnect Certificate Signing Extension to version 1.0.12 or higher. This update ensures that configuration handling occurs exclusively on the server side, preventing encrypted configuration values from being transmitted to or rendered by client-side components. For cloud-hosted ScreenConnect servers (screenconnect.com and hostedrmm.com), no action is required as these have already been updated. On-premises deployments must manually update to version 1.0.12 or later to remediate the vulnerability and gain the latest security improvements. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability could potentially impact compliance with standards like GDPR and HIPAA because it involves the exposure of encrypted configuration values to unauthenticated users, which may be considered a data confidentiality risk. Although the values remain encrypted and securely stored at rest, the transmission of encrypted sensitive information to unauthorized parties could be viewed as a data exposure incident under these regulations. Mitigation by updating to version 1.0.12 or higher prevents this exposure by ensuring configuration handling occurs only on the server side. [1]

