References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. 
It is important to note that to obtain these machine keys, privileged system level access must be obtained. 



If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287

https://www.connectwise.com/company/trust/advisories

https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4