CVE-2025-34181
📋 TL;DR
NetSupport Manager versions before 14.12.0001 contain an authenticated path traversal vulnerability in the Connectivity Server/Gateway's PUTFILE handler. An attacker with a valid Gateway Key can write arbitrary files to privileged locations, potentially leading to remote code execution. Organizations using vulnerable NetSupport Manager deployments are affected.
💻 Affected Systems
- NetSupport Manager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution as the NetSupport connectivity service account, potentially leading to lateral movement and data exfiltration.
Likely Case
Attacker writes malicious DLLs or executables to system directories, achieving code execution and persistence on the server.
If Mitigated
File writes limited to intended directories with no privilege escalation possible.
🎯 Exploit Status
Exploitation requires Gateway Key authentication but is straightforward once obtained. Public technical details and proof-of-concept available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 14.12.0001
Vendor Advisory: https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/
Restart Required: Yes
Instructions:
1. Download NetSupport Manager version 14.12.0001 or later from official vendor site. 2. Run installer on affected systems. 3. Restart NetSupport Manager services. 4. Verify version update.
🔧 Temporary Workarounds
Restrict Gateway Key Access
allLimit Gateway Key distribution and rotate keys regularly to reduce attack surface.
Network Segmentation
allIsolate NetSupport Manager Gateway from untrusted networks and implement strict firewall rules.
🧯 If You Can't Patch
- Implement strict network access controls to limit connectivity to NetSupport Gateway only from trusted sources.
- Monitor for suspicious file write operations in NetSupport Manager logs and system directories.
🔍 How to Verify
Check if Vulnerable:
Check NetSupport Manager version in Control Panel > Programs and Features or via 'netsupportmanager.exe --version' command.Check Version:
netsupportmanager.exe --versionVerify Fix Applied:
Confirm version is 14.12.0001 or higher and test PUTFILE functionality with path traversal attempts.📡 Detection & Monitoring
Log Indicators:
- Unusual PUTFILE requests with directory traversal sequences (../) in NetSupport logs
- File writes to system directories from NetSupport process
Network Indicators:
- PUTFILE requests containing path traversal patterns
- Unexpected file transfer activity to NetSupport Gateway
SIEM Query:
source="netsupport.log" AND (PUTFILE AND ("..\\" OR "../"))