CVE-2025-14265

Improper server-side validation in ScreenConnect extension framework

Description

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.

INFO

Published Date :

2025-12-11T14:21:53.234Z

Last Modified :

2026-02-26T16:21:03.963Z

Source :

ConnectWise

AFFECTED PRODUCTS

The following products are affected by CVE-2025-14265 vulnerability.

Vendors	Products
Connectwise	Screenconnect

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-14265.

URL	Resource
https://www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-security-patch

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact