Wiz
Vulnerability DatabaseCVE-2023-25718

CVE-2023-25718
NixOS vulnerability analysis and mitigation

Overview

** DISPUTED ** In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), a reported vulnerability involved the ability to add additional instructions to a signed executable file without invalidating the signature. The issue was reported in February 2023, affecting ConnectWise Control installations. ConnectWise's position is that this purported vulnerability represents a 'fundamental lack of understanding of Authenticode code signing behavior.' (MITRE CVE)

Technical details

The reported issue involved URL parameters 'h' (host) and 'p' (port) in downloading a Control client that could be manipulated to point the connection to another endpoint prior to version 22.8. ConnectWise addressed this in Control version 22.8.10013 with 'additional validation of client installer URL parameters to inhibit certain social engineering attacks.' The vendor maintains that this is not a true vulnerability but rather a misunderstanding of how Authenticode code signing works. (Huntress Blog)

Impact

The potential impact was initially reported as allowing an attacker to offer end users a different attacker-controlled executable file. However, this claim was disputed as it still required user interaction and social engineering to be effective. The actual impact was limited to potential social engineering scenarios rather than a true security vulnerability. (ConnectWise Blog)

Mitigation and workarounds

ConnectWise released version 22.8.10013 and later 22.9.10032 to address the URL parameter manipulation concern. For on-premises installations, administrators are recommended to configure WebServerAddressableUrl and RelayAddressableUrl to prevent proxying techniques. All cloud instances have been updated to remediate this issue. (Huntress Blog)

Community reactions

The security community, including Huntress researchers, has largely disagreed with the severity of the reported vulnerability. The consensus is that the claims were overblown and that the core issue still relies on social engineering rather than a true security vulnerability. The vendor's response and mitigation efforts were deemed appropriate for the actual risk level. (Huntress Blog)

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22783HIGH8.1
  • NixOSNixOS
  • iris
NoYesJan 12, 2026
CVE-2026-0821MEDIUM6.9
  • NixOSNixOS
  • quickjs
NoNoJan 10, 2026
CVE-2025-68949MEDIUM5.3
  • NixOSNixOS
  • n8n
NoYesJan 13, 2026
CVE-2026-22784LOW2.3
  • NixOSNixOS
  • lychee
NoYesJan 12, 2026
CVE-2026-23497LOW1.3
  • NixOSNixOS
  • learning
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo