CVE-2025-3935

KEV

Published: Apr 25, 2025 Last Modified: Ott 24, 2025 EU-VD ID: EUVD-2025-12502 Aliases: GHSA-qjrp-xr9r-wmrg

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,1

Source: 7d616e1a-3288-43b1-a0dd-0a65d3e70a49

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys.
It is important to note that to obtain these machine keys, privileged system level access must be obtained.

If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server.

The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,1230

Percentile

0,9th

Updated

EPSS Score Trend (Last 90 Days)

502

Deserialization of Untrusted Data

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context

Applicable Platforms

Languages: Java, JavaScript, PHP, Python, Ruby

Technologies: AI/ML, ICS/OT, Not Technology-Specific

Likelihood of Exploit: Medium

View CWE Details

Application

Screenconnect by Connectwise

Product Information

Vendor Connectwise

Product Screenconnect

Version Range Affected

To 25.2.4 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…

https://www.connectwise.com/company/trust/advisories

https://www.connectwise.com/company/trust/security-bulletin…

https://www.connectwise.com/company/trust/security-bulletins/screenconnect-secu…

CVE-2025-3935

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Deserialization of Untrusted Data

Common Consequences

Applicable Platforms

Screenconnect by Connectwise

Product Information

Iscriviti alla newsletter