CVE-2025-14823

5.3 MEDIUM

📋 TL;DR

This vulnerability in ScreenConnect's Certificate Signing Extension could expose encrypted Azure Key Vault configuration values to unauthenticated users through client-facing endpoints. While the values remain encrypted, their exposure could aid attackers in understanding system configuration. Organizations using ScreenConnect with this extension are affected.

💻 Affected Systems

Products:
  • ScreenConnect Certificate Signing Extension
Versions: Versions below 1.0.12
Operating Systems: All platforms running ScreenConnect
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the Certificate Signing Extension with Azure Key Vault integration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain encrypted Azure Key Vault configuration data, which could enable further attacks if the encryption is broken or the data is combined with other vulnerabilities.

🟠 Likely Case

Information disclosure that reveals system architecture details, helping attackers plan targeted attacks against the Azure Key Vault integration.

🟢 If Mitigated

Minimal impact: the encrypted values alone, without the keys needed to decrypt them, are of limited use to an attacker.

🌐 Internet-Facing: MEDIUM - Client-facing endpoints could expose encrypted data to internet-based attackers, but data remains encrypted.
🏢 Internal Only: LOW - Internal attackers would need access to client-facing endpoints, and data remains encrypted.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires reaching specific client-facing endpoints under conditions the vendor bulletin does not spell out; no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.12 or higher

Vendor Advisory: https://www.connectwise.com/company/trust/security-bulletins/2025-12-18-screenconnect-certificate-signing-extension-update

Restart Required: Yes

Instructions:

1. Download Certificate Signing Extension version 1.0.12 or higher from ConnectWise.
2. Install the updated extension in ScreenConnect.
3. Restart ScreenConnect services.

🔧 Temporary Workarounds

Disable Certificate Signing Extension (applies to: all platforms)

Temporarily disable the vulnerable extension until patching is possible. Certificate signing through the extension stops working while it is disabled.

Navigate to ScreenConnect Admin > Extensions > Certificate Signing Extension > Disable

Restrict Client-Facing Endpoint Access (applies to: all platforms)

Implement network controls to limit access to the vulnerable endpoints.

Configure firewall rules to restrict access to ScreenConnect client endpoints from untrusted networks. Legitimate clients on those networks are blocked as well, so scope the rules to the affected endpoints rather than the whole listener where your firewall allows it.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ScreenConnect servers from untrusted networks
  • Monitor for unusual access patterns to client-facing endpoints and review logs regularly

🔍 How to Verify

Check if Vulnerable:

Check Certificate Signing Extension version in ScreenConnect Admin > Extensions. If version is below 1.0.12, system is vulnerable.

Check Version:

Check via ScreenConnect web interface: Admin > Extensions > Certificate Signing Extension

Verify Fix Applied:

Confirm extension version is 1.0.12 or higher in ScreenConnect Admin > Extensions.
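The version check above is a manual one in the admin UI. For a fleet of servers it is worth scripting, and the one pitfall is comparing versions as strings: "1.0.9" sorts after "1.0.12" lexically, so a naive check would call a vulnerable install fixed. The script below is an added example, not ConnectWise or ScreenConnect code; it assumes extensions are unpacked under <install>/App_Extensions/<extension-id>/Manifest.xml with <Name> and <Version> elements under the manifest root (verify the real layout and element names on a server before relying on it), and builds a constructed sample tree to run against offline.

```python
"""Check whether the installed Certificate Signing Extension is below 1.0.12.

Added example, not ConnectWise or ScreenConnect code. Assumptions (verify on a
real server before relying on them): extensions are unpacked under
<install>/App_Extensions/<extension-id>/Manifest.xml, and that manifest has
<Name> and <Version> children under its root element.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

FIXED_VERSION = (1, 0, 12)  # from the bulletin: 1.0.12 or higher is fixed
EXTENSION_NAME = re.compile(r"certificate\s*signing", re.IGNORECASE)


def parse_version(text):
    """'1.0.12' -> (1, 0, 12). A string compare would rank '1.0.9' above
    '1.0.12', so compare numeric tuples instead; missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not parts:
        raise ValueError("no numeric version in %r" % text)
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(version_text):
    return parse_version(version_text) < FIXED_VERSION


def read_manifest(path):
    """Return (name, version) from a manifest; the element names are assumed."""
    root = ET.parse(path).getroot()
    return root.findtext("Name"), root.findtext("Version")


def scan_extensions(app_extensions_dir):
    """Return [(dir, name, version, vulnerable)] for every matching extension."""
    findings = []
    for entry in sorted(os.listdir(app_extensions_dir)):
        manifest = os.path.join(app_extensions_dir, entry, "Manifest.xml")
        if not os.path.isfile(manifest):
            continue
        try:
            name, version = read_manifest(manifest)
        except ET.ParseError:
            continue
        if not name or not version or not EXTENSION_NAME.search(name):
            continue
        findings.append((entry, name, version, is_vulnerable(version)))
    return findings


def build_sample_tree():
    """Constructed sample data: a throwaway App_Extensions directory holding a
    vulnerable install, a patched install and an unrelated extension."""
    base = tempfile.mkdtemp(prefix="App_Extensions_")
    samples = {
        "00-old": ("Certificate Signing Extension", "1.0.9"),
        "01-new": ("Certificate Signing Extension", "1.0.12"),
        "02-other": ("Some Other Extension", "3.2.1"),
    }
    for entry, (name, version) in samples.items():
        os.makedirs(os.path.join(base, entry))
        with open(os.path.join(base, entry, "Manifest.xml"), "w") as fh:
            fh.write("<ExtensionManifest><Name>%s</Name><Version>%s</Version>"
                     "</ExtensionManifest>" % (name, version))
    os.makedirs(os.path.join(base, "03-no-manifest"))  # skipped by the scan
    return base


if __name__ == "__main__":
    for entry, name, version, vulnerable in scan_extensions(build_sample_tree()):
        status = "VULNERABLE (below 1.0.12)" if vulnerable else "fixed"
        print("%-14s %-32s %-8s %s" % (entry, name, version, status))
```

Point scan_extensions at the real App_Extensions directory of each server; any finding with vulnerable set to True needs the 1.0.12 update and a service restart.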

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to client-facing endpoints
  • Requests returning encrypted configuration data in responses

Network Indicators:

  • Unusual traffic to ScreenConnect client endpoints from unauthorized sources

SIEM Query:

source="screenconnect" AND (uri="*client-endpoint*" OR response_contains="encrypted")

This is a template, not a ready-to-run query: "*client-endpoint*" stands in for the extension's actual client-facing path, which the bulletin above does not name, and "response_contains" assumes your SIEM indexes response bodies, which ordinary web server logs do not capture. In practice, key on the request path, an empty authenticated-user field and a 200 status, and alert on bursts of such requests from a single source.
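What the log indicators above amount to in practice is: requests to the extension's client-facing path with no authenticated user, especially successful ones, especially from outside your own networks, and especially many of them from one source. The detector below is an added example, not ConnectWise's code. It assumes W3C extended-format web logs with the field order listed in FIELDS (adapt that to whatever your reverse proxy or ScreenConnect logging actually emits), uses a placeholder path prefix because the bulletin names no endpoint, and runs over constructed sample lines.

```python
"""Flag unauthenticated, out-of-network requests to extension endpoints in web
server logs. Added example for this advisory, not ConnectWise code.

Assumptions: logs are in W3C extended format with the field order in FIELDS
(adapt to what your proxy or ScreenConnect log actually emits); the endpoint
path prefix is a placeholder because the bulletin names no path.
"""
import ipaddress
from collections import Counter

EXTENSION_PATH_PREFIX = "/App_Extensions/"   # placeholder: replace with the real path
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]
BURST_THRESHOLD = 5   # flagged extension requests from one source

FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "cs(User-Agent)", "sc-status",
          "sc-substatus", "sc-win32-status", "time-taken"]


def parse_w3c_line(line):
    """Map one log line onto FIELDS; None for comments, blanks and short lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)


def classify(rec):
    """Return the reasons one request is suspicious (empty list if none)."""
    reasons = []
    if not rec["cs-uri-stem"].startswith(EXTENSION_PATH_PREFIX):
        return reasons
    unauthenticated = rec["cs-username"] == "-"
    if unauthenticated and rec["sc-status"] == "200":
        reasons.append("unauthenticated 200 on extension endpoint")
    if unauthenticated and not is_trusted(rec["c-ip"]):
        reasons.append("extension endpoint reached from untrusted network")
    return reasons


def scan(lines):
    """Return (per-request hits, {source ip: count} for sources over threshold)."""
    hits = []
    per_source = Counter()
    for line in lines:
        rec = parse_w3c_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            hits.append((rec["c-ip"], rec["cs-uri-stem"], rec["sc-status"], reasons))
            per_source[rec["c-ip"]] += 1
    bursts = {ip: n for ip, n in per_source.items() if n >= BURST_THRESHOLD}
    return hits, bursts


# Constructed sample log: one admin session, one internal unauthenticated hit,
# a burst from a public address, and a blocked probe. The path is a placeholder.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2025-12-19 08:00:01 10.0.0.5 GET /Host - 8040 admin 10.0.0.7 Mozilla/5.0 200 0 0 12
2025-12-19 08:00:02 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 admin 10.0.0.7 Mozilla/5.0 200 0 0 30
2025-12-19 08:00:40 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 192.168.1.20 Mozilla/5.0 200 0 0 28
2025-12-19 08:01:10 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 203.0.113.9 curl/8.0 200 0 0 41
2025-12-19 08:01:11 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 203.0.113.9 curl/8.0 200 0 0 40
2025-12-19 08:01:12 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 203.0.113.9 curl/8.0 200 0 0 39
2025-12-19 08:01:13 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 203.0.113.9 curl/8.0 200 0 0 42
2025-12-19 08:01:14 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 203.0.113.9 curl/8.0 200 0 0 40
2025-12-19 08:02:00 10.0.0.5 GET /App_Extensions/example/Service.ashx - 8040 - 198.51.100.4 curl/8.0 403 0 0 3
"""

if __name__ == "__main__":
    hits, bursts = scan(SAMPLE_LOG.splitlines())
    for ip, path, status, reasons in hits:
        print(ip, status, path, "; ".join(reasons))
    for ip, count in bursts.items():
        print("BURST", ip, count, "flagged requests")
```

The internal unauthenticated hit is still reported, since the vulnerability needs no authentication regardless of source, while the authenticated admin requests to the same path are not. Tune BURST_THRESHOLD to the normal request rate of your own clients once the real endpoint path is known.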
