
Critical NetSupport Manager Zero-Day Vulnerabilities Enable Remote Code Execution - cyberpress.org

Source: cyberpress.org. Archived Mar 18, 2026.

By AnuPriya, January 26, 2026
Categories: Cyber Security News, Cybersecurity, Vulnerability, Zero-day

NetSupport Manager, a legitimate remote access tool used across enterprises, harbors two critical authentication bypass vulnerabilities (CVE-2025-34164 and CVE-2025-34165) that enable unauthenticated remote code execution. Versions up to 14.10.4.0 are affected, with patches available since July 29, 2025.

The vulnerabilities stem from insufficient parameter validation in the software's undocumented broadcast communication feature, allowing attackers to corrupt heap memory and achieve arbitrary code execution without credentials.

CVE Vulnerability Details

| CVE ID | Vulnerability Type | CVSS Score | Severity | Attack Vector | Authentication Required |
|---|---|---|---|---|---|
| CVE-2025-34164 | Heap-Based Out-of-Bounds Write (Integer Overflow) | 9.8 | Critical | Network (TCP:5405) | No |
| CVE-2025-34165 | Stack-Based Out-of-Bounds Read | 9.8 | Critical | Network (TCP:5405) | No |

The vulnerabilities reside in NetSupport Manager's broadcast feature, introduced in version 14, which communicates over TCP port 5405. This undocumented feature processes commands without authentication, creating an attack surface for unauthenticated threat actors.

CVE-2025-34164 (OOB Write): The vulnerability stems from improper integer overflow handling in the BC_ADD_PORT command. When allocating broadcast buffers, the slot size (ushort) and slot count (ushort) parameters are multiplied without validation. Sending a slot size of 0xFFFF and a count of 0xFFF1 triggers an integer overflow, allocating a buffer of 0xFF10 bytes instead of the intended 0x100FF10 bytes, which enables writes beyond the allocated boundaries.

CVE-2025-34165 (OOB Read): The BC_TCP_DATA command contains an externally controlled size parameter that is not validated against the RX buffer capacity (0x800 bytes). Sending a data size exceeding 0x7F6 bytes causes out-of-bounds reads from the stack-based RX buffer, leaking process memory, including Address Space Layout Randomization (ASLR) bypass candidates.

Security researchers at CODE WHITE demonstrated full remote code execution chains combining both vulnerabilities. The exploitation sequence involves: (1) heap spraying to create predictable memory layouts, (2) leveraging the OOB write to corrupt UdpInputStream object metadata, (3) extracting vtable pointers via the OOB read to bypass ASLR, (4) overwriting virtual function tables, and (5) executing ROP chains to call VirtualProtect and execute shellcode. The exploit reliably achieves unauthenticated arbitrary code execution within seconds, requiring only network access to the listening client process.

NetSupport Manager version 14.12.0000 (released July 29, 2025) patches both vulnerabilities through additional parameter validation and enforced authentication for all broadcast-related commands. Organizations should immediately upgrade to 14.12.0000 or later and restrict TCP 5405 access via firewall rules.

| Affected Versions | Patched Version | Release Date |
|---|---|---|
| < 14.12.0000 | 14.12.0000 | July 29, 2025 |

Disable NetSupport Manager client components that are not actively used, isolate systems running older versions, and monitor for suspicious TCP:5405 traffic patterns from external sources.
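The upgrade and monitoring advice above, sketched as an added example that is not part of the original article: a triage pass that flags external connections to TCP 5405 and ranks them by whether the destination runs a build earlier than 14.12.0000. The log layout, addresses, inventory and the RFC 1918 internal ranges are constructed assumptions; only the port and the fixed version come from the article.

```python
import ipaddress
import re

BROADCAST_PORT = "5405"   # TCP port of the broadcast feature, per the article
# Assumption: the site's internal address plan is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data, not real telemetry. The key=value log layout and
# the inventory mapping (client IP -> installed version) are hypothetical.
FLOW_LOG = """\
2026-01-27T09:14:02Z action=allow proto=tcp src=10.20.4.17 dst=10.20.8.50 dport=5405
2026-01-27T09:14:09Z action=allow proto=tcp src=203.0.113.77 dst=10.20.8.50 dport=5405
2026-01-27T09:15:31Z action=allow proto=tcp src=198.51.100.9 dst=10.20.8.51 dport=443
2026-01-27T09:16:40Z action=deny proto=tcp src=203.0.113.77 dst=10.20.8.52 dport=5405
2026-01-27T09:17:05Z action=allow proto=udp src=192.0.2.5 dst=10.20.8.50 dport=5405
"""
INVENTORY = {"10.20.8.50": "14.10.4.0", "10.20.8.51": "14.12.0000"}

def parse_version(text, width=4):
    """'14.10.4.0' and '14.12.0000' both become comparable 4-tuples."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(version):
    """True for any build earlier than the fixed release 14.12.0000."""
    return parse_version(version) < parse_version("14.12.0000")

def external_broadcast_flows(log_text):
    """Yield parsed flows to TCP 5405 whose source is outside INTERNAL_NETS."""
    for line in log_text.splitlines():
        ts, _, rest = line.partition(" ")
        rec = dict(re.findall(r"(\w+)=(\S+)", rest), ts=ts)
        if rec.get("proto") != "tcp" or rec.get("dport") != BROADCAST_PORT:
            continue
        if not any(ipaddress.ip_address(rec["src"]) in net for net in INTERNAL_NETS):
            yield rec

def triage(log_text, inventory):
    """Return (severity, ts, src, dst, version), 'high' entries first."""
    findings = []
    for rec in external_broadcast_flows(log_text):
        version = inventory.get(rec["dst"])          # None: build unknown
        exposed = version is None or is_affected(version)
        severity = "high" if exposed and rec["action"] == "allow" else "review"
        findings.append((severity, rec["ts"], rec["src"], rec["dst"], version))
    return sorted(findings, key=lambda f: f[:2])

if __name__ == "__main__":
    print(*triage(FLOW_LOG, INVENTORY), sep="\n")
```

A host missing from the inventory is treated as affected, so an allowed external connection to an unknown build is still ranked high.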