CVE-2025-7204

Exposure of Password Hashes in API Responses in ConnectWise PSA

Discovered by Michael Newton on behalf of The Missing Link Security

Vulnerability Details

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to encrypted password hashes for other users.

Affected Versions

Before 2025.9

Fixed Versions

Fixed in: 2025.9

Latest News

Is your IAM strategy holding you back? Why Identity is the key to cyber resilience

Cloud vs On-Prem for SMB security: What’s really safer in 2025?

Is your response plan built to scale? Inside the MDR advantage

See All News