Provider of IT management and remote monitoring solutions ConnectWise is alerting customers that it is rotating the digital code signing certificates used to verify the integrity of its key products, ScreenConnect, ConnectWise Automate, and ConnectWise RMM, in response to potential security risks identified by a third-party researcher.
Digital certificates ensure downloaded software is authentic and untampered. ConnectWise's decision comes after concerns were raised over how configuration data in the ScreenConnect installer could potentially be misused if an attacker had system-level access.
The company said that this is a preventive action and not related to any recent security incident, including the nation-state cyberattack reported last month.
Initially, certificate authority DigiCert planned to revoke the current certificates on June 10, but ConnectWise received a deadline extension to Friday, June 13, 2025, at 8:00 PM ET, as its updated ScreenConnect version 25.4 was not yet ready for release.
The update affects both on-premises and cloud-based installations. Customers are advised to update the software before the deadline to avoid service interruptions. While the updated Automate build is already available, the new ScreenConnect version is expected shortly.
Cloud-hosted users will receive updates automatically, but the roll-out is happening in phases. ConnectWise advises all customers to visit its University page for downloads, FAQs, and step-by-step instructions.
