CVE-2025-34179

Name of the Vulnerable Software and Affected Versions NetSupport Manager version 14.12.0001

Description NetSupport Manager contains an unauthenticated SQL injection flaw in the way its Connectivity Server/Gateway handles HTTPS requests. The server uses an unsanitized SQLite query against the FileLinks table within the gateway.db database to evaluate request URIs. An attacker can inject SQL code through the LinkName/URI value, allowing control over the FileName field. This control enables the server to read and return arbitrary local files from disk, leading to potential arbitrary local file disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.