Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing intrusions exploiting the recently addressed ConnectWise ScreenConnect vulnerability, tracked as CVE-2025-3935, reports BleepingComputer.
While such a flaw which could be leveraged in ViewState code injection attacks was suspected to have been harnessed in a suspected state-backed attack against the remote monitoring and management software provider, ConnectWise has not acknowledged the claim, only stating that a limited number of its customers had been affected. Meanwhile, CISA has added four other security issues to its Known Exploited Vulnerabilities list, including the critical authentication bypass and high-severity OS injection bugs in Asus routers, tracked as CVE-2021-32030 and CVE-2023-39780, respectively, and the critical and medium severity flaws in Craft CMS, tracked as CVE-2024-56145 and CVE-2025-35939, respectively. Attacks combining CVE-2023-39780 with other authentication bypass issues were reported by GreyNoise to have facilitated the creation of the AyySSHush botnet. All of the newly included KEV entries should be remediated by June 23, according to CISA.
While such a flaw which could be leveraged in ViewState code injection attacks was suspected to have been harnessed in a suspected state-backed attack against the remote monitoring and management software provider, ConnectWise has not acknowledged the claim, only stating that a limited number of its customers had been affected. Meanwhile, CISA has added four other security issues to its Known Exploited Vulnerabilities list, including the critical authentication bypass and high-severity OS injection bugs in Asus routers, tracked as CVE-2021-32030 and CVE-2023-39780, respectively, and the critical and medium severity flaws in Craft CMS, tracked as CVE-2024-56145 and CVE-2025-35939, respectively. Attacks combining CVE-2023-39780 with other authentication bypass issues were reported by GreyNoise to have facilitated the creation of the AyySSHush botnet. All of the newly included KEV entries should be remediated by June 23, according to CISA.
