Critical NetSupport Manager Zero-Day Vulnerabilities Enable Remote Code Execution
By AnuPriya
January 26, 2026
NetSupport Manager, a legitimate remote access tool used across enterprises, harbors two critical authentication bypass vulnerabilities (CVE-2025-34164 and CVE-2025-34165) that enable unauthenticated remote code execution.
Versions up to 14.10.4.0 are affected, with patches available since July 29, 2025. The vulnerabilities stem from insufficient parameter validation in the software’s undocumented broadcast communication feature, allowing attackers to corrupt heap memory and achieve arbitrary code execution without credentials.
CVE Vulnerability Details
| CVE ID | Vulnerability Type | CVSS Score | Severity | Attack Vector | Authentication Required |
|---|---|---|---|---|---|
| CVE-2025-34164 | Heap-Based Out-of-Bounds Write (Integer Overflow) | 9.8 | Critical | Network (TCP:5405) | No |
| CVE-2025-34165 | Stack-Based Out-of-Bounds Read | 9.8 | Critical | Network (TCP:5405) | No |
The vulnerabilities reside in NetSupport Manager’s broadcast feature, introduced in version 14, which communicates over TCP port 5405.
This undocumented feature processes commands without authentication, creating an attack surface for unauthenticated threat actors.
CVE-2025-34164 (OOB Write): The vulnerability stems from improper integer overflow handling in the BC_ADD_PORT command.
When allocating broadcast buffers, the slot size (ushort) and slot count (ushort) parameters are multiplied without validation. Sending a slot size of 0xFFFF and a count of 0xFFF1 triggers an integer overflow, allocating a buffer of 0xFF10 bytes instead of the intended 0x100FF10 bytes and enabling writes beyond the allocated boundaries.
CVE-2025-34165 (OOB Read): The BC_TCP_DATA command contains an externally-controlled size parameter that lacks validation against RX buffer capacity (0x800 bytes).
Sending a data size exceeding 0x7F6 bytes causes out-of-bounds reads from the stack-based RX buffer, leaking process memory, including values that are candidates for bypassing Address Space Layout Randomization (ASLR).
Security researchers at CODE WHITE demonstrated full remote code execution chains combining both vulnerabilities.
The exploitation sequence involves: (1) heap spraying to create predictable memory layouts, (2) leveraging OOB write to corrupt UdpInputStream object metadata, (3) extracting vtable pointers via OOB read to bypass ASLR, (4) overwriting virtual function tables, and (5) executing ROP chains to call VirtualProtect and execute shellcode.
The exploit reliably achieves unauthenticated arbitrary code execution within seconds, requiring only network access to the listening client process.
NetSupport Manager version 14.12.0000 (released July 29, 2025) patches both vulnerabilities through additional parameter validation and enforced authentication for all broadcast-related commands.
Organizations should immediately upgrade to 14.12.0000 or later and restrict TCP 5405 access via firewall rules.
| Affected Versions | Patched Version | Release Date |
|---|---|---|
| < 14.12.0000 | 14.12.0000 | July 29, 2025 |
Disable NetSupport Manager client components not actively used, isolate systems running older versions, and monitor for suspicious TCP:5405 traffic patterns from external sources.
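The upgrade and monitoring advice above can be turned into a quick triage script. This is an added example, not code from the article, NetSupport or CODE WHITE; the flow-log format, host names, internal address ranges and sample data are all constructed assumptions.

```python
import ipaddress
from collections import Counter

BROADCAST_PORT = 5405           # TCP port the article names
FIXED_VERSION = (14, 12, 0, 0)  # 14.12.0000, the patched release
# Assumption: these ranges count as "internal"; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data, not real telemetry. Assumed flow format:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_FLOWS = """\
2026-01-26T10:00:01Z 10.1.4.20:51001 -> 10.1.7.33:5405 tcp
2026-01-26T10:00:05Z 203.0.113.45:40222 -> 10.1.7.33:5405 tcp
2026-01-26T10:00:06Z 203.0.113.45:40223 -> 10.1.7.34:5405 tcp
2026-01-26T10:00:09Z 198.51.100.7:33000 -> 10.1.7.33:443 tcp
2026-01-26T10:00:12Z 192.168.5.9:50100 -> 10.1.7.40:5405 udp
malformed line
"""
SAMPLE_INVENTORY = {"ws-01": "14.10.4.0", "ws-02": "14.12.0000", "ws-03": "14.10.0.0"}

def parse_version(text):
    """Turn '14.10.4.0' into (14, 10, 4, 0), zero-padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def hosts_to_upgrade(inventory):
    """Hosts whose client version is below the patched release."""
    return sorted(h for h, v in inventory.items() if parse_version(v) < FIXED_VERSION)

def external_broadcast_sources(log_text):
    """Count TCP connections to port 5405 per source outside INTERNAL_NETS."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "->" or fields[4] != "tcp":
            continue  # skip malformed lines and non-TCP flows
        try:
            src_ip, _ = fields[1].rsplit(":", 1)
            _, dst_port = fields[3].rsplit(":", 1)
            addr = ipaddress.ip_address(src_ip)
            if int(dst_port) == BROADCAST_PORT and not any(addr in n for n in INTERNAL_NETS):
                hits[src_ip] += 1
        except ValueError:
            continue  # unparsable address or port
    return dict(hits)

if __name__ == "__main__":
    print("upgrade:", hosts_to_upgrade(SAMPLE_INVENTORY))
    print("external sources:", external_broadcast_sources(SAMPLE_FLOWS))
```

Any source this reports is worth checking against the firewall policy, since the article recommends that TCP 5405 not be reachable from outside at all.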