Unauthenticated SQL Injection in NetSupport Manager by NetSupport
CVE-2025-34179

8.7HIGH

Key Information:

Vendor: Netsupport Software
Status: Manager
Vendor: CVE Published:; 15 December 2025

🔔 Create Netsupport Software Vulnerability Alert

What is CVE-2025-34179?

NetSupport Manager versions earlier than 14.12.0001 have a vulnerability in the Connectivity Server/Gateway that allows unauthenticated SQL injection via unsanitized request handling. This flaw enables remote attackers to manipulate the LinkName/URI value, leading to control over the FileName field used by the server. Consequently, attackers can exploit this to read unauthorized file data from the server's disk, resulting in arbitrary local file disclosure.

Affected Version(s)

Manager 0 < 14.12.0001

References

https://kb.netsupportsoftware.com/knowledge-base/updating...

vendor-advisorypatch

https://www.vulncheck.com/advisories/netsupport-manager-u...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Chris Leech

JSON