CISA warns of ConnectWise ScreenConnect bug exploited in attacks

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. The agency is warning that four other security problems affecting ASUS routers and the Craft content management system (CMS) are also actively exploited. Improper authentication in ConnectWise ScreenConnect On April 24, ConnectWise addressed the security issue, tracked as CVE-2025-3935, stating that the vulnerability could be exploited for a ViewState code injection attack. The vendor notes that ASP.NET Web Forms rely on the ViewState component to preserve page and control state using base64-encoded data that is protected by machine keys. If an attacker with privileged access compromises the machine keys, they could trigger remote code execution on the server through malicious payloads. Following the recent ConnectWise breach, suspected to be a state-sponsored operation, some customers said that the incident may ... Read full article.