And as many managed services providers run ConnectWise Automate, ConnectWise has released a critical security update for its Automate platform to address vulnerabilities that could allow attackers to intercept sensitive data or inject malicious software updates. The identified flaws primarily affect on-premises installations, where misconfigurations may expose systems to network-based exploits. The vulnerabilities are classified as severe, with a base score of 9.6 for the first flaw, which involves the cleartext transmission of sensitive information, and a score of 8.8 for the second flaw, which allows code downloads without integrity checks. Thousands of IT service providers using ConnectWise Automate are at risk, particularly those running versions prior to the latest 2025.9 update. Security experts emphasize the urgency for on-premises users to apply this patch manually, as the fix enforces secure communications and helps prevent potential exploits in an increasingly volatile threat landscape.
Why do we care?
If you’re running ConnectWise Automate on-prem, stop what you’re doing and patch. Right now.
Two major vulnerabilities — one letting attackers read sensitive data in cleartext, another letting them inject code during updates. Both critical, both ugly, and both hit anyone not running the latest 2025.9 release.
Here’s the thing — this isn’t a “maybe later” update. Automate runs deep in your clients’ systems. If that’s compromised, you’re the attack vector. Again. RMM’s are a big bullseye used by attackers.
And it’s another argument against hosting RMM tools yourself. Cloud versions get patched automatically; on-prem ones depend on you keeping up. If you’re still maintaining an RMM server in your office or a colo, ask yourself — is that risk really worth it anymore?
If you don’t handle it, you’ll be explaining why you became their breach headline.