CVE-2025-34181

Name of the Vulnerable Software and Affected Versions NetSupport Manager versions prior to 14.12.0001

Description NetSupport Manager contains a flaw in the Connectivity Server/Gateway PUTFILE request handler that allows for arbitrary file writing. An attacker possessing a valid Gateway Key can exploit this by providing a specially crafted filename with directory traversal sequences. This enables the attacker to write files to arbitrary locations on the server, potentially including the placement of malicious DLLs or executables in privileged directories. Successful exploitation can lead to remote code execution within the context of the NetSupport Manager connectivity service.

Recommendations Update NetSupport Manager to version 14.12.0001 or later.