QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34180

Published: Dec 15, 2025

Modified: May 14, 2026

PUBLISHED

Description

NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.

Vendor	Product	Versions
NetSupport Software	Manager	affected `0 - < 14.12.0001`

Weaknesses (CWE)

References

https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/

vendor-advisory

patch

https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery

third-party-advisory

https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.