Reversible Encoding Vulnerability in NetSupport Manager by NetSupport
CVE-2025-34180

8.4HIGH

Key Information:

Vendor

Netsupport Software

Status
Manager
Vendor
CVE Published:
15 December 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-34180?

A vulnerability exists in NetSupport Manager prior to version 14.12.0001, where a shared Gateway Key is utilized for authentication across its components. This key is stored using a reversible encoding method, making it susceptible to decoding. If an attacker gains access to a client configuration file, they can easily retrieve the plaintext Gateway Key. This compromise allows unauthorized individuals to access NetSupport Manager's connectivity services and remotely control systems under that key, posing significant security risks.

Affected Version(s)

Manager 0 < 14.12.0001

References

https://kb.netsupportsoftware.com/knowledge-base/updating...
vendor-advisorypatch
https://www.vulncheck.com/advisories/netsupport-manager-g...
third-party-advisory
https://ret2.me/post/2025-12-04-exploiting-netsupport-gat...
technical-descriptionexploit

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chris Leech
.