CVE-2025-34179
NetSupport Manager < 14.12.0001 Unauthenticated SQLi Local File Disclosure
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure.
| CWE | CWE-89 |
| Vendor | netsupport software |
| Product | manager |
| Published | Dec 15, 2025 |
| Last Updated | May 14, 2026 |
Affected Versions
NetSupport Software / Manager
0 < 14.12.0001
References
kb.netsupportsoftware.com: https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/
vulncheck.com: https://www.vulncheck.com/advisories/netsupport-manager-unauthenticated-sqli-local-file-disclosure
ret2.me: https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/
Credits
Chris Leech