CVE-2025-14823 is a vulnerability classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) affecting ConnectWise ScreenConnect deployments that utilize the Certificate Signing Extension prior to version 1.0.12. The issue arises because encrypted configuration values, including keys related to Azure Key Vault, can be returned through a client-facing endpoint without requiring authentication. While these values remain encrypted and securely stored at rest, their encrypted representations are exposed in responses sent to clients, potentially allowing attackers to collect encrypted secrets. This exposure occurs due to the extension handling configuration data partially on the client side. The vulnerability does not allow decryption or direct manipulation of data, thus impacting confidentiality but not integrity or availability. The CVSS v3.1 base score is 5.3 (medium severity), reflecting the ease of exploitation (network accessible, no privileges or user interaction required) but limited impact scope. The vendor mitigated the vulnerability by updating the Certificate Signing Extension to version 1.0.12, which enforces server-side handling of sensitive configuration data, preventing encrypted values from being transmitted to or rendered by client components. No known exploits are reported in the wild as of publication.

For European organizations, the primary impact of CVE-2025-14823 is the potential leakage of encrypted sensitive configuration data, including Azure Key Vault-related keys, to unauthenticated external actors. Although the data remains encrypted, repeated collection of encrypted values could aid attackers in cryptanalysis or facilitate further attacks if combined with other vulnerabilities. This could undermine the confidentiality of critical secrets used in remote support and management operations. Organizations relying on ConnectWise ScreenConnect for remote access, especially those integrating with Azure Key Vault for secret management, face increased risk of information disclosure. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. However, the exposure of encrypted secrets could lead to reputational damage, compliance issues under GDPR, and potential escalation if attackers leverage the leaked data in chained attacks. European entities in sectors with stringent data protection requirements, such as finance, healthcare, and government, should be particularly vigilant.

European organizations using ConnectWise ScreenConnect with the Certificate Signing Extension should immediately update the extension to version 1.0.12 or later to ensure all sensitive configuration handling occurs server-side, preventing encrypted data exposure. Additionally, organizations should audit their deployment configurations to verify no legacy versions remain in use. Network-level controls such as restricting access to the ScreenConnect client-facing endpoints to trusted IP ranges can reduce exposure risk. Monitoring and logging client endpoint requests for unusual access patterns may help detect exploitation attempts. Organizations should also review their Azure Key Vault usage and rotate keys if there is suspicion of compromise. Implementing strict access controls and multi-factor authentication on management consoles further reduces risk. Finally, maintaining an up-to-date inventory of remote access tools and their extensions will aid in timely patch management.