Arbitrary File Write Vulnerability in NetSupport Manager by NetSupport
CVE-2025-34181
Key Information:
- Vendor
Netsupport Software
- Status
- Vendor
- CVE Published:
- 15 December 2025
Badges
What is CVE-2025-34181?
NetSupport Manager versions before 14.12.0001 contain an arbitrary file write vulnerability in the Connectivity Server/Gateway's PUTFILE request handler. An authenticated attacker, who possesses a valid Gateway Key, can exploit this vulnerability by submitting a specially crafted filename that includes directory traversal sequences. This allows them to write files to arbitrary locations on the server. By leveraging this flaw, an attacker could potentially place malicious DLLs or executables in sensitive directories, leading to remote code execution within the context of the NetSupport Manager connectivity service.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Manager 0 < 14.12.0001
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved