CVE-2025-34164
Published: 30 August 2025
Summary
CVE-2025-34164 is a critical-severity heap-based buffer overflow (CWE-122) vulnerability in NetSupport Manager (product inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, it ranks in the top 22.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
A heap-based buffer overflow vulnerability tracked as CVE-2025-34164 affects NetSupport Manager versions 14.x prior to 14.12.0000. The flaw, assigned CWE-122, permits remote manipulation of memory structures within the application. It carries a CVSS 4.0 score of 9.3, reflecting a network-accessible attack vector with no authentication or user interaction required.
An unauthenticated attacker able to reach the affected NetSupport Manager instance can supply crafted network traffic that triggers the overflow, resulting in either a denial-of-service condition or arbitrary code execution on the target system.
Vendor references direct users to the NetSupport Manager product page and a VulnCheck advisory, which identify 14.12.0000 as the fixed release; organizations should apply this update to eliminate the vulnerable code paths. The associated EPSS score remains flat at 0.0106, with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26268
Vulnerability details
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code.
- CWE(s): CWE-122
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.