CVE-2025-34180

NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery

CVSS 8.4 HIGHEPSS 0.1%CWE-257

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.4EPSS 0.1%KEV nãoPoC —Patch referenciado

Lifecycle

Dec 15, 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Affected products

NetSupport Software · Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery