CVE-2025-14265

Medienbericht

EPSS 0.06%
Veröffentlicht 11.12.2025 14:21:53
Zuletzt bearbeitet 16.01.2026 15:35:15
Quelle 7d616e1a-3288-43b1-a0dd-0a65d3
CVE-Watchlists
Login
Unerledigt
Login

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Connectwise ≫ Screenconnect Version < 25.8.0.9438

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.169

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
7d616e1a-3288-43b1-a0dd-0a65d3e70a49	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://www.heise.de/news/Fernwartung-ScreenConnect-Kritische-Luecke-ermoeglicht-Schadcodeausfuehrung-11112865.html

Medienbericht

heise Security

12.12.2025 08:31

https://www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-security-patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14265

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14265

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14265

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-14265