CVE-2025-34180
NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.
| CWE | CWE-257 |
| Vendor | netsupport software |
| Product | manager |
| Published | Dec 15, 2025 |
| Last Updated | May 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for netsupport software manager
Be the first to know when new unknown vulnerabilities affecting netsupport software manager are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
NetSupport Software / Manager
0 < 14.12.0001
References
kb.netsupportsoftware.com: https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/ vulncheck.com: https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery ret2.me: https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/
Credits
Chris Leech