cvebase

Netsupport Software Manager vulnerabilities

3 known vulnerabilities affecting netsupport_software/manager.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2025-34181 | P2 | HIGH | CVSS 8.7 | fixed in 14.12.0001 | 2025-12-15
CWE-22: NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLL
Source: nvd

CVE-2025-34179 | P2 | HIGH | CVSS 8.7 | fixed in 14.12.0001 | 2025-12-15
CWE-89: NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName fiel
Source: nvd

CVE-2025-34180 | P3 | HIGH | CVSS 8.4 | fixed in 14.12.0001 | 2025-12-15
CWE-257: NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession o
Source: nvd