Reversible Encoding Vulnerability in NetSupport Manager by NetSupport
CVE-2025-34180

8.4HIGH

Key Information:

Vendor: Netsupport Software
Status: Manager
Vendor: CVE Published:; 15 December 2025

🔔 Create Netsupport Software Vulnerability Alert

What is CVE-2025-34180?

A vulnerability exists in NetSupport Manager prior to version 14.12.0001, where a shared Gateway Key is utilized for authentication across its components. This key is stored using a reversible encoding method, making it susceptible to decoding. If an attacker gains access to a client configuration file, they can easily retrieve the plaintext Gateway Key. This compromise allows unauthorized individuals to access NetSupport Manager's connectivity services and remotely control systems under that key, posing significant security risks.

Affected Version(s)

Manager 0 < 14.12.0001

References

https://kb.netsupportsoftware.com/knowledge-base/updating...

vendor-advisorypatch

https://www.vulncheck.com/advisories/netsupport-manager-g...

third-party-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Chris Leech

JSON