Arbitrary File Write Vulnerability in NetSupport Manager by NetSupport
CVE-2025-34181

8.7HIGH

Key Information:

Vendor: Netsupport Software
Status: Manager
Vendor: CVE Published:; 15 December 2025

🔔 Create Netsupport Software Vulnerability Alert

What is CVE-2025-34181?

NetSupport Manager versions before 14.12.0001 contain an arbitrary file write vulnerability in the Connectivity Server/Gateway's PUTFILE request handler. An authenticated attacker, who possesses a valid Gateway Key, can exploit this vulnerability by submitting a specially crafted filename that includes directory traversal sequences. This allows them to write files to arbitrary locations on the server. By leveraging this flaw, an attacker could potentially place malicious DLLs or executables in sensitive directories, leading to remote code execution within the context of the NetSupport Manager connectivity service.

Affected Version(s)

Manager 0 < 14.12.0001

References

https://kb.netsupportsoftware.com/knowledge-base/updating...

vendor-advisorypatch

https://www.vulncheck.com/advisories/netsupport-manager-a...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Chris Leech

JSON