Skip to main content

NetSupport Releases Security Updates for NetSupport Manager

Successful exploitation could lead to arbitrary local file disclosure, unauthorised access to NetSupport Manager and remote code execution in the context of the NetSupport Manager connectivity service.

Threat ID:
CC-4729
Threat Severity:
Medium
Published:
17 December 2025 1:45 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation could lead to arbitrary local file disclosure, unauthorised access to NetSupport Manager and remote code execution in the context of the NetSupport Manager connectivity service.

Affected platforms

The following platforms are known to be affected:

NetSupport Manager

  • all prior to 14.12.0001

Threat details

Proof-of-Concept Exploit

Security researchers have published a proof-of-concept exploit for CVE-2025-34179, CVE-2025-34180 and CVE-2025-34181. 

The NHS England National CSOC assesses future exploitation as likely.

Introduction

NetSupport has released security updates addressing 3 vulnerabilities in NetSupport Manager. 

  • CVE-2025-34179  - an 'Information Disclosure via Unauthenticated SQL Injection' vulnerability with a CVSSv3 score of 8.7.
  • CVE-2025-34180 -  a 'Weak Password Encoding' vulnerability with a CVSSv3 score of 8.7.
  • CVE-2025-34181 - a 'Remote Code Execution via Arbitrary File Upload' vulnerability with a CVSSv3 score of 8.7.

Remediation advice

Affected organisations are encouraged to review NetSupport's security advisory and apply the relevant updates as soon as possible.

CVE Vulnerabilities

Status Published

CVE-2025-34179

NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure.
Status Published

CVE-2025-34180

NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.
Status Published

CVE-2025-34181

NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service.

Last edited: 17 December 2025 1:45 pm