CVE-2025-34179 is an SQL injection vulnerability identified in NetSupport Manager versions earlier than 14.12.0001, specifically in the Connectivity Server/Gateway HTTPS request handling. The vulnerability arises because the server processes incoming request URIs by embedding them directly into SQLite queries without proper sanitization or parameterization. The affected query targets the FileLinks table in the gateway.db database, where the LinkName or URI parameter is used unsafely. By injecting crafted SQL code into these parameters, an unauthenticated remote attacker can manipulate the FileName field that the server uses to read files from its local disk. This manipulation allows the attacker to disclose arbitrary files, potentially exposing sensitive information stored on the server. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 base score of 8.7 reflects the high impact on confidentiality, with no impact on integrity or availability, and the low attack complexity and no privileges required. Although no public exploits have been reported yet, the vulnerability's characteristics suggest it could be weaponized quickly. The lack of available patches at the time of reporting necessitates immediate mitigation efforts by affected organizations. The vulnerability is categorized under CWE-89, indicating improper neutralization of special elements in SQL commands, a common and critical injection flaw.

For European organizations, this vulnerability poses a significant risk to confidentiality due to the potential disclosure of arbitrary local files on NetSupport Manager servers. Organizations relying on this remote management software, especially in sectors such as government, finance, healthcare, and critical infrastructure, could face exposure of sensitive configuration files, credentials, or proprietary data. The unauthenticated nature of the exploit means attackers can attempt exploitation without prior access, increasing the attack surface. Compromise could lead to further lateral movement or targeted attacks if sensitive information is leaked. The impact is heightened in environments where the Connectivity Server/Gateway is exposed to untrusted networks or the internet. Additionally, organizations with strict data protection regulations, such as GDPR, may face compliance and reputational risks if data breaches occur. The absence of known exploits currently provides a window for proactive defense, but the high CVSS score underscores the urgency of mitigation.

1. Apply official patches or updates from NetSupport Software as soon as they become available to address CVE-2025-34179. 2. Until patches are released, restrict network access to the Connectivity Server/Gateway component by implementing network segmentation and firewall rules to limit exposure to trusted hosts only. 3. Deploy Web Application Firewalls (WAFs) or intrusion prevention systems (IPS) with signatures or custom rules to detect and block SQL injection attempts targeting the LinkName/URI parameters. 4. Conduct thorough logging and monitoring of Connectivity Server/Gateway access logs to detect anomalous requests or repeated injection attempts. 5. Review and harden database query handling by ensuring parameterized queries and input validation in custom deployments or configurations if applicable. 6. Educate IT and security teams about this vulnerability to ensure rapid incident response if exploitation attempts are detected. 7. Perform regular vulnerability scanning and penetration testing focused on remote management infrastructure to identify similar injection flaws. 8. Consider isolating or replacing vulnerable NetSupport Manager instances with alternative secure remote management solutions if patching is delayed.