Info Published: Dec 15, 2025

CVE-2025-34179

0 CVSS Score Info

Export CVE-2025-34179 Data:

Link copied!

Description

NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI value, a remote attacker can control the FileName field used by the server to read and return files from disk, resulting in arbitrary local file disclosure.

Weaknesses (CWE)

CWE-89

References & External Links

https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager/
https://www.vulncheck.com/advisories/netsupport-manager-unauthenticated-sqli-local-file-disclosure

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker