NetSupport Manager < 14.12.0001 Authenticated Path Traversal Arbitrary File Write...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/SC:N

Description

NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service.

AI Analysis

Arbitrary file write vulnerability in NetSupport Manager's Connectivity Server/Gateway PUTFILE request handler, allowing remote code execution

Basic Information

ID CVE-2025-34181

Source VulnCheck

Published Dec 15, 2025 at 14:42

Modified Dec 15, 2025 at 14:54

Affected Product

Vendor NetSupport Software

Product Manager

Affected Versions NetSupport Software Manager 0

CWE Classification

CWE-22

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor NetSupport Software

Product NetSupport Manager

Version < 14.12.0001

References

{
    "lastseen": "",
    "description": "NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server. This can be leveraged to place attacker-controlled DLLs or executables in privileged paths and achieve remote code execution in the context of the NetSupport Manager connectivity service.",
    "published": "2025-12-15T14:42:18.114Z",
    "modified": "2025-12-15T14:54:36.760Z",
    "type": "cve",
    "title": "NetSupport Manager < 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE",
    "source": "VulnCheck",
    "references": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/\nhttps://www.vulncheck.com/advisories/netsupport-manager-authenticated-path-traversal-arbitrary-write-rce",
    "id": "CVE-2025-34181",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "NetSupport Software Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/SC:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Manager",
    "version": "0",
    "vendor": "NetSupport Software",
    "ai_description": "Arbitrary file write vulnerability in NetSupport Manager's Connectivity Server/Gateway PUTFILE request handler, allowing remote code execution",
    "ai_severity": "High",
    "ai_vendor": "NetSupport Software",
    "ai_product": "NetSupport Manager",
    "ai_version": "< 14.12.0001",
    "ai_score": 8.7
}

NetSupport Manager < 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE_CVE-2025-34181