CVE-2025-34179
Unauthenticated SQL Injection in NetSupport Manager Enables Local File Disclosure
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netsupport | netsupport_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34179 is an unauthenticated SQL injection vulnerability in NetSupport Manager versions prior to 14.12.0001. It occurs in the Connectivity Server/Gateway HTTPS request handling, where the server uses an unsanitized SQLite query on the FileLinks table in gateway.db. An attacker can inject SQL code through the LinkName/URI parameter to manipulate the FileName field, causing the server to read and return arbitrary local files from disk without authentication. [2]
How can this vulnerability impact me? :
This vulnerability allows a remote attacker to disclose arbitrary local files on the server without any authentication. This can lead to exposure of sensitive information stored on the server, potentially compromising confidentiality and security of the affected system. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-34179, immediately upgrade all NetSupport Manager components (Gateways, Controls, and Clients) to version 14.12.0001, which addresses this vulnerability. Use the full installer (Setup.exe) and license file (NSM.lic) to update the Gateway Server, following the installer prompts to overwrite existing installations. If you suspect Gateway Key compromise, generate and apply a new Gateway Key after updating and migrate all Clients and Controls to use the new key. Additionally, update any Active Directory or Intune policies that assign Gateway connection details to replace old encrypted Gateway Key values with the new AES-encrypted keys as specified in the update instructions. For Gateway Load Balancing environments, contact NetSupport Technical Support for update procedures. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss how CVE-2025-34179 affects compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows unauthenticated arbitrary local file disclosure via SQL injection, it could potentially lead to unauthorized access to sensitive or personal data stored on the affected systems. This unauthorized disclosure could result in non-compliance with data protection regulations that require safeguarding personal and sensitive information. Organizations using vulnerable versions of NetSupport Manager should consider this risk and apply the recommended updates to mitigate potential compliance issues. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-34179 involves monitoring HTTP requests to the NetSupport Gateway server (typically on TCP port 443) for suspicious or malformed URIs that may contain SQL injection payloads targeting the LinkName/URI parameter. Since the vulnerability exploits unsanitized SQLite queries on the FileLinks table, detection can include inspecting logs for unusual URI patterns or attempts to inject SQL syntax such as quotes, semicolons, or SQL keywords. Specific commands are not provided in the resources, but general approaches include using network monitoring tools (e.g., tcpdump, Wireshark) to capture HTTPS traffic to the Gateway server and analyzing it for suspicious URI parameters. Additionally, scanning the version of NetSupport Manager components to identify if they are running vulnerable versions (prior to 14.12.0001) can help detect exposure. Since the vulnerability is unauthenticated and remotely exploitable, any unexpected file access or unusual server responses to crafted URIs may indicate exploitation attempts. It is recommended to upgrade to version 14.12.0001 to mitigate the vulnerability. [2, 3, 1]