ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Jun 12, 2025Ravie LakshmananVulnerability / Software Security

ConnectWise has disclosed that it’s planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns.

The company said it’s doing so “due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.”

While the company did not publicly elaborate on the nature of the problem, it has shed more light in a non-public FAQ accessible only to its customers (and later shared on Reddit) –

The concern stems from ScreenConnect using the ability to store configuration data in an available area of the installer that is not signed but is part of the installer. We are using this ability to pass down configuration information for the connection (between the agent and server) such as the URL where the agent should call back without invalidating the signature. The unsigned area is used by our software and others for customization, however, when coupled with the capabilities of a remote control solution, it could create an insecure design pattern by today’s security standards.

Besides issuing new certificates, the company said it’s releasing an update that’s designed to improve how the aforementioned configuration data is managed in ScreenConnect.

The revocation of digital certificates is expected to take place by June 13 at 8 p.m. ET (June 14, 12 a.m. UTC). ConnectWise has emphasized that the issue does not involve a compromise of its systems or certificates.

It’s worth noting that automatically ConnectWise is already in the process of updating certificates and agents across all its cloud instances of Automate and RMM.

However, those using on-premise versions of ScreenConnect or Automate are required to update to the latest build and validate that all agents are updated before the cutoff date to avoid any possible service disruptions.

“We had already planned enhancements to certificate management and product hardening, but these efforts are now being implemented on an accelerated timeline,” ConnectWise said. We understand this may create challenges and are committed to supporting you through the transition.”

The development comes merely days after the company disclosed that a suspected nation-state threat actor breached its systems and affected a small number of its customers by exploiting CVE-2025-3935 to conduct ViewState code injection attacks.

It also comes as attackers are increasingly relying on legitimate RMM software like ScreenConnect and others to obtain stealthy, persistent remote access, effectively allowing them to blend in with normal activity and fly under the radar.

This attack methodology, called living-off-the-land (LotL), makes it possible to hijack the software’s inherent capabilities for remote access, file transfer, and command execution.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!