CVE-2025-3935: ScreenConnect Exposure to ASP.NET ViewState Code Injection
First published: Fri Apr 25 2025(Updated: )
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.
Credit: 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ScreenConnect | <25.2.3 |
Remedy
Cloud: No action is required. On-premises: Upgrade to the latest stable version. Details and guidance can be found here: ScreenConnect 25.2.4 Security Patch https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3935?
CVE-2025-3935 has a high severity rating due to its potential for exploitation via ViewState code injection.
How do I fix CVE-2025-3935?
To fix CVE-2025-3935, upgrade to ScreenConnect version 25.2.4 or later, as this version addresses the vulnerability.
What is the potential impact of CVE-2025-3935?
The potential impact of CVE-2025-3935 includes unauthorized access and manipulation of the application's state, which can lead to data breaches.
Which versions of ScreenConnect are affected by CVE-2025-3935?
ScreenConnect versions 25.2.3 and earlier are affected by CVE-2025-3935.
What is a ViewState code injection attack related to CVE-2025-3935?
A ViewState code injection attack involves injecting malicious code into the ViewState, potentially compromising the integrity of the application.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/references
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/screenconnect
- canonical/screenconnect