216.73.217.80

CVE-2025-14265

· Published 11/12/2025 15:15 · Modified 12/12/2025 15:18

Labels: CVE-2025-14265 2025-12-117d616e1a-3288-43b1-a0dd-0a65d3e70a49CVE-2025-14265

Essential information

Published
11/12/2025 15:15
Modified
12/12/2025 15:18
Author
Creator
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
7d616e1a-3288-43b1-a0dd-0a65d3e70a49
NVD
View on NVD

References