CVE-2025-34180
Reversible Key Exposure in NetSupport Manager Enables Unauthorized Access
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netsupport | netsupport_manager | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34180 is a vulnerability in NetSupport Manager versions prior to 14.12.0001 where the Gateway Key used for authentication between Manager/Control, Client, and Connectivity Server components is stored using a reversible encoding scheme. This means an attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. With this key, the attacker can gain unauthorized access to NetSupport Manager connectivity services and remotely control systems managed with the same key. [2]
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to recover the plaintext Gateway Key from a client configuration file, enabling unauthorized access to NetSupport Manager connectivity services. This unauthorized access can lead to remote control of systems managed through the compromised Gateway Key, potentially resulting in loss of confidentiality, integrity, and availability of those systems. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying deployed NetSupport Manager client configuration files that contain the Gateway Key stored with reversible encoding. You can locate these configuration files (such as Client32u.ini) on client systems and inspect the Gateway Key field. Since the key is reversibly encoded, decoding scripts or tools can be used to check if the stored key is in the vulnerable format. Specific commands are not provided in the resources, but searching for the configuration files and examining the Gateway Key entries is the recommended approach. [2, 1]
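One way to run the inventory described above over a directory of collected client configuration files, as an added example that is not code from NetSupport or from the referenced advisories. The file name `client32.ini` and the entry names `GSK`, `GatewayAddress` and `SecondaryGateway` are assumptions to adjust for your deployment; the script reports where a key is stored and its length, and does not decode the value or classify its format.

```python
import tempfile
from pathlib import Path

# Assumptions, not taken from the advisory: adjust to match your deployment.
CONFIG_NAMES = {"client32.ini", "client32u.ini"}   # client config file names
KEY_FIELDS = {"gsk"}                                # assumed name of the Gateway Key entry
GATEWAY_FIELDS = {"gatewayaddress", "secondarygateway"}

def read_ini_text(path):
    """Decode a config file, honouring a UTF-16 or UTF-8 byte-order mark."""
    raw = Path(path).read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def inspect_config(path):
    """Return the gateways and key entries in one file; key values are never returned."""
    report = {"path": str(path), "gateways": [], "key_entries": []}
    section = ""
    for line in read_ini_text(path).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and not line.startswith((";", "#")):
            name, _, value = (part.strip() for part in line.partition("="))
            if name.lower() in GATEWAY_FIELDS and value:
                report["gateways"].append(value)
            elif name.lower() in KEY_FIELDS and value:
                # Keep location and length only, so the inventory is not a copy of the secret.
                report["key_entries"].append((section, name, len(value)))
    return report

def scan(root):
    """Inspect every client config under root; keep files that store a Gateway Key."""
    found = [inspect_config(p) for p in sorted(Path(root).rglob("*"))
             if p.is_file() and p.name.lower() in CONFIG_NAMES]
    return [r for r in found if r["key_entries"]]

def demo():
    """Run the scan over two constructed sample files (not real configurations)."""
    with tempfile.TemporaryDirectory() as tmp:
        keyed = "0x00000000\r\n[HTTP]\r\nGatewayAddress=gw.example.test:443\r\nGSK=CONSTRUCTED-VALUE\r\n"
        Path(tmp, "Client32u.ini").write_bytes(keyed.encode("utf-16"))
        Path(tmp, "client32.ini").write_text("[Client]\nRoomSpec=Lab\n", encoding="utf-8")
        return [(Path(r["path"]).name, r["gateways"], r["key_entries"]) for r in scan(tmp)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Every file the scan returns holds a stored Gateway Key and belongs on the list of clients to upgrade and, if compromise is suspected, to re-key.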
What immediate steps should I take to mitigate this vulnerability?
Immediately upgrade all NetSupport Manager components (Gateways, Controls, and Clients) to version 14.12.0001, which replaces the weak reversible encoding with AES encryption for the Gateway Key. After updating, if you suspect the Gateway Key has been compromised, generate and apply a new Gateway Key and migrate all Clients and Controls to use the new key. Additionally, update any Active Directory or Intune policies that assign Gateway connection details to replace old encrypted Gateway Key values with the new AES-encrypted keys. Follow the installation and policy update instructions provided by NetSupport to ensure secure deployment. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not explicitly discuss the impact of CVE-2025-34180 on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows unauthorized access to systems through recovery of the plaintext Gateway Key, it could potentially lead to unauthorized data access or control, which may violate data protection and privacy requirements under such regulations. No direct statements or guidance on compliance impact are given. [1, 2, 3]