High severityNVD Advisory· Published Dec 15, 2025· Updated Apr 15, 2026
CVE-2025-34179
CVE-2025-34179
Description
NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <14.12.0001
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.