Search criteria
6 vulnerabilities found for Manager by NetSupport Software
CVE-2025-34180 (GCVE-0-2025-34180)
Vulnerability from nvd – Published: 2025-12-15 14:41 – Updated: 2025-12-15 19:36
VLAI?
Summary
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.
Severity ?
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSupport Software | Manager |
Affected:
0 , < 14.12.0001
(semver)
|
Credits
Chris Leech
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34180",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:36:28.060649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:36:43.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Manager",
"vendor": "NetSupport Software",
"versions": [
{
"lessThan": "14.12.0001",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Leech"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NetSupport Manager\u0026nbsp;\u0026lt; 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key."
}
],
"value": "NetSupport Manager\u00a0\u003c 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:12:33.699Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetSupport Manager \u003c 14.12.0001 Gateway Key Reversible Encoding Credential Recovery",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34180",
"datePublished": "2025-12-15T14:41:52.451Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-12-15T19:36:43.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34181 (GCVE-0-2025-34181)
Vulnerability from nvd – Published: 2025-12-15 14:42 – Updated: 2025-12-15 19:24
VLAI?
Summary
NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSupport Software | Manager |
Affected:
0 , < 14.12.0001
(semver)
|
Credits
Chris Leech
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34181",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:23:52.401770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:24:16.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Manager",
"vendor": "NetSupport Software",
"versions": [
{
"lessThan": "14.12.0001",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Leech"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NetSupport Manager\u0026nbsp;\u0026lt; 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service."
}
],
"value": "NetSupport Manager\u00a0\u003c 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:12:07.768Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netsupport-manager-authenticated-path-traversal-arbitrary-write-rce"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetSupport Manager \u003c 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34181",
"datePublished": "2025-12-15T14:42:18.114Z",
"dateReserved": "2025-04-15T19:15:22.568Z",
"dateUpdated": "2025-12-15T19:24:16.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34179 (GCVE-0-2025-34179)
Vulnerability from nvd – Published: 2025-12-15 14:41 – Updated: 2025-12-15 19:26
VLAI?
Summary
NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSupport Software | Manager |
Affected:
0 , < 14.12.0001
(semver)
|
Credits
Chris Leech
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34179",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:26:34.727319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:26:51.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Manager",
"vendor": "NetSupport Software",
"versions": [
{
"lessThan": "14.12.0001",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Leech"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NetSupport Manager \u0026lt;\u0026nbsp;14.12.0001\u0026nbsp;contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure."
}
],
"value": "NetSupport Manager \u003c\u00a014.12.0001\u00a0contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:12:53.591Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netsupport-manager-unauthenticated-sqli-local-file-disclosure"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetSupport Manager \u003c 14.12.0001 Unauthenticated SQLi Local File Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34179",
"datePublished": "2025-12-15T14:41:27.306Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-12-15T19:26:51.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34181 (GCVE-0-2025-34181)
Vulnerability from cvelistv5 – Published: 2025-12-15 14:42 – Updated: 2025-12-15 19:24
VLAI?
Summary
NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSupport Software | Manager |
Affected:
0 , < 14.12.0001
(semver)
|
Credits
Chris Leech
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34181",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:23:52.401770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:24:16.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Manager",
"vendor": "NetSupport Software",
"versions": [
{
"lessThan": "14.12.0001",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Leech"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NetSupport Manager\u0026nbsp;\u0026lt; 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service."
}
],
"value": "NetSupport Manager\u00a0\u003c 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:12:07.768Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netsupport-manager-authenticated-path-traversal-arbitrary-write-rce"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetSupport Manager \u003c 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34181",
"datePublished": "2025-12-15T14:42:18.114Z",
"dateReserved": "2025-04-15T19:15:22.568Z",
"dateUpdated": "2025-12-15T19:24:16.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34180 (GCVE-0-2025-34180)
Vulnerability from cvelistv5 – Published: 2025-12-15 14:41 – Updated: 2025-12-15 19:36
VLAI?
Summary
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.
Severity ?
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSupport Software | Manager |
Affected:
0 , < 14.12.0001
(semver)
|
Credits
Chris Leech
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34180",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:36:28.060649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:36:43.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Manager",
"vendor": "NetSupport Software",
"versions": [
{
"lessThan": "14.12.0001",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Leech"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NetSupport Manager\u0026nbsp;\u0026lt; 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key."
}
],
"value": "NetSupport Manager\u00a0\u003c 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:12:33.699Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetSupport Manager \u003c 14.12.0001 Gateway Key Reversible Encoding Credential Recovery",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34180",
"datePublished": "2025-12-15T14:41:52.451Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-12-15T19:36:43.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34179 (GCVE-0-2025-34179)
Vulnerability from cvelistv5 – Published: 2025-12-15 14:41 – Updated: 2025-12-15 19:26
VLAI?
Summary
NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSupport Software | Manager |
Affected:
0 , < 14.12.0001
(semver)
|
Credits
Chris Leech
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34179",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:26:34.727319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:26:51.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Manager",
"vendor": "NetSupport Software",
"versions": [
{
"lessThan": "14.12.0001",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Leech"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NetSupport Manager \u0026lt;\u0026nbsp;14.12.0001\u0026nbsp;contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure."
}
],
"value": "NetSupport Manager \u003c\u00a014.12.0001\u00a0contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:12:53.591Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netsupport-manager-unauthenticated-sqli-local-file-disclosure"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetSupport Manager \u003c 14.12.0001 Unauthenticated SQLi Local File Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34179",
"datePublished": "2025-12-15T14:41:27.306Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-12-15T19:26:51.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}