Cyber Resilience

CVE-2025-34164

Critical · Public PoC

Published: 30 August 2025

Modified: 15 April 2026
CVSS Score v4: 9.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0106 (78.0th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34164 is a critical-severity heap-based buffer overflow (CWE-122) vulnerability in NetSupport Manager (product inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, it ranks in the top 22.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A heap-based buffer overflow vulnerability tracked as CVE-2025-34164 affects NetSupport Manager versions 14.x prior to 14.12.0000. The flaw, assigned CWE-122, permits remote manipulation of memory structures within the application and carries a CVSS 4.0 score of 9.3 reflecting network-accessible attack vectors with no required authentication or user interaction.

An unauthenticated attacker able to reach the affected NetSupport Manager instance can supply crafted network traffic that triggers the overflow, resulting in either a denial-of-service condition or arbitrary code execution on the target system.

Vendor references direct users to the NetSupport Manager product page and a VulnCheck advisory that identify the fixed release 14.12.0000 as the corrective version; organizations should apply this update to eliminate the vulnerable code paths. The associated EPSS score remains flat at 0.0106 with no observed increase after disclosure.

Vulnerability details

A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

NetSupport Manager (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.