QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34181

Published: Dec 15, 2025

Modified: May 14, 2026

PUBLISHED

Description

NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service.

Vendor	Product	Versions
NetSupport Software	Manager	affected `0 - < 14.12.0001`

Weaknesses (CWE)

References

https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/

vendor-advisory

patch

https://www.vulncheck.com/advisories/netsupport-manager-authenticated-path-traversal-arbitrary-write-rce

third-party-advisory

https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway/

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.