PT-2025-35329 · Landesk · Netsupport Manager

Fabian Weber · Published 2025-08-29 · Updated 2026-02-11 · CVE-2025-34164

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

NetSupport Manager versions prior to 14.12.0000

Description

A heap-based buffer overflow exists in NetSupport Manager 14.x. This issue allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially execute arbitrary code. The root cause is a failure to enforce proper bounds checking when processing network packets before authentication, leading to a heap buffer overflow. Attackers can exploit exposed services without credentials and potentially gain SYSTEM-level compromise. The vulnerability involves a heap out-of-bounds (OOB) write that can be leveraged to corrupt memory and overwrite structures like vtable pointers. This could lead to the execution of arbitrary code or a crash of services.

Recommendations

Upgrade to NetSupport Manager version 14.12.0000 or later. Restrict TCP ports 5421 and 5422 to management VLANs. Remove internet exposure of the affected service. Audit systems for nsservice.exe crashes and unexpected child processes.
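
One way to carry out the audit and exposure checks from the recommendations on a single Windows host, as an added example that is not part of the advisory or vendor guidance. It assumes an elevated PowerShell session, a 30-day look-back window, and that process-creation auditing (Security event 4688) is enabled.

```powershell
# Added example (not from the advisory). Assumptions are marked inline.
$since = (Get-Date).AddDays(-30)   # assumption: 30-day look-back window

# 1. nsservice.exe crashes: Application Error event 1000 naming the binary.
$crashes = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'Application Error'
    Id = 1000; StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'nsservice\.exe' } |
    Select-Object TimeCreated, Message

# 2. Child processes of nsservice.exe: Security event 4688.
#    Assumption: process-creation auditing is enabled; ParentProcessName is
#    recorded on Windows 10 / Server 2016 and later.
$children = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4688; StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['ParentProcessName'] -like '*\nsservice.exe') {
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            Child       = $data['NewProcessName']
            CommandLine = $data['CommandLine']   # empty unless command-line logging is on
        }
    }
}

# 3. Exposure of TCP 5421/5422: listeners and the peers currently connected.
$sockets = Get-NetTCPConnection -LocalPort 5421, 5422 -ErrorAction SilentlyContinue |
    Where-Object { $_.State -in 'Listen', 'Established' } |
    Select-Object State, LocalAddress, LocalPort, RemoteAddress, OwningProcess

"Crashes: $(@($crashes).Count)"
$crashes  | Format-List
"Child processes: $(@($children).Count)"
$children | Format-Table -AutoSize
"Sockets on 5421/5422: $(@($sockets).Count)"
$sockets  | Format-Table -AutoSize
```

A child process that is not part of normal NetSupport operation on that host, or a peer address outside the management VLAN, is what to follow up on.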

Fix

DoS

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-34164

Affected Products

Netsupport Manager