What is CVE-2025-14265?

CVE-2025-14265 is a critical-severity vulnerability in Connectwise Screenconnect, classified under Download of Code Without Integrity Check. CVSS score: 9.1/10. Published 2025-12-11.

How severe is CVE-2025-14265?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Connectwise Screenconnect

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users…

EPSS: 0.001 (20.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Connectwise Screenconnect — versions All versions prior to 2025.8

Weakness classification (CWE)

CWE-494 — Download of Code Without Integrity Check

References

www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-secur…

Frequently asked questions

What is CVE-2025-14265?: CVE-2025-14265 is a critical-severity vulnerability in Connectwise Screenconnect, classified under Download of Code Without Integrity Check. CVSS score: 9.1/10. Published 2025-12-11.
How severe is CVE-2025-14265?: Critical severity. CVSS v3 base score is 9.1 out of 10.