High severityNVD Advisory· Published Dec 15, 2025· Updated Apr 15, 2026

CVE-2025-34180

Description

NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/nvd
ret2.me/post/2025-12-04-exploiting-netsupport-gateway/nvd
www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recoverynvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000