Seven Hundred ScreenConnect Servers Miss Crucial Security Update

By Netvora Tech News

---

A staggering 700 ScreenConnect servers, including 17 in the Netherlands, are at risk of being compromised due to a lack of a crucial security update. ConnectWise, the company behind ScreenConnect, had previously urged customers to install the patch as soon as possible, citing a timeframe of "within a few days". The vulnerability in ScreenConnect has been used in the past to distribute ransomware, and its compromise could potentially allow an attacker to roll out ransomware to numerous organizations. ScreenConnect is a software solution for remote system management and monitoring, commonly used by managed service providers (MSPs) to manage their clients' systems. By compromising a ScreenConnect server, an attacker could potentially gain access to a wide range of organizations. The vulnerability, identified as CVE-2025-3935, allows attackers to inject code into the server through a "ViewState code injection attack". However, this requires the attacker to gain access to the machine keys, which necessitates system-level access with the required permissions. The impact of this vulnerability is rated 8.1 on a scale of 1 to 10, indicating it is not a critical security flaw. Nevertheless, ConnectWise has given the update the highest priority and is urging customers to install the patch as soon as possible. The Shadowserver Foundation, a non-profit organization dedicated to combating cybercrime, has detected the 700 ScreenConnect servers that are missing the update. Seventeen of these servers are located in the Netherlands.