CVE-2025-3935 Vulnerability — CVSS 8.1, HIGH Severity

Description

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution

CISA Known Exploited Vulnerability

Date Added: 6/2/2025
Patch Due Date: 6/23/2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Technical Details

CVSS v3 Vector: 3.1
Published: 4/25/2025
Last Modified: 10/24/2025

Frequently Asked Questions

What is CVE-2025-3935?

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution

Is CVE-2025-3935 actively exploited?

Yes. CVE-2025-3935 is on the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been confirmed as actively exploited in the wild. CISA requires federal agencies to patch by 6/23/2025.

What is the CVSS score for CVE-2025-3935?

CVE-2025-3935 has a CVSS v3 base score of 8.1 (HIGH severity), with vector string 3.1.

CVE-2025-3935