CVE-2025-34180

High CVSS: 8.4

NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.

Vendor

Product

CWE

CWE-257

Yayın Tarihi

2025-12-15 15:15:49

Güncelleme

2025-12-15 19:16:04

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-257 HIGH 2025

Referanslar

https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/ https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/ https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery