NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Description

NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.

Basic Information

ID CVE-2025-34180

Source VulnCheck

Published Dec 15, 2025 at 14:41

Modified Dec 15, 2025 at 14:54

Affected Product

Vendor NetSupport Software

Product Manager

Affected Versions NetSupport Software Manager 0

CWE Classification

CWE-257

References

{
    "lastseen": "",
    "description": "NetSupport Manager\u00a0< 14.12.0001  relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.",
    "published": "2025-12-15T14:41:52.451Z",
    "modified": "2025-12-15T14:54:03.285Z",
    "type": "cve",
    "title": "NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery",
    "source": "VulnCheck",
    "references": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/\nhttps://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery",
    "id": "CVE-2025-34180",
    "bulletinFamily": "",
    "cwe": [
        "CWE-257"
    ],
    "cvelist": null,
    "sourceData": "NetSupport Software Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Manager",
    "version": "0",
    "vendor": "NetSupport Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery_CVE-2025-34180