Saved February 14, 2026
Do you care about this?
Two critical 0-day vulnerabilities in NetSupport Manager allow attackers to execute code remotely without authentication. This exploit can compromise industrial control systems, enabling lateral movement within networks. Organizations are urged to upgrade to the latest version to mitigate risks.
If you do, here's more
NetSupport Manager has two critical 0-day vulnerabilities that allow unauthenticated remote code execution (RCE). These flaws, when exploited together, can enable attackers to take control of systems without needing prior authentication. The vulnerabilities stem from how NetSupport Manager handles TCP port 5405 for communication. Attackers can send broadcast commands that don't require authentication, creating an easy entry point for exploitation from any network position.
The exploit works by manipulating the heap memory. Attackers can bypass Address Space Layout Randomization (ASLR) and leak memory addresses, leading to arbitrary memory writes. This allows them to overwrite critical data structures, including virtual table (vtable) pointers, effectively granting them code execution capabilities. The widespread use of NetSupport Manager in industrial control environments raises alarm, as these vulnerabilities could allow attackers to navigate into sensitive operational technology networks.
NetSupport Ltd. was informed of these vulnerabilities in June 2025, and patches were rolled out on July 29, 2025. The patches require authentication for all broadcast-related commands and add parameter validation. Organizations using NetSupport Manager are urged to upgrade to version 14.12.0000 or later. Until the upgrade is applied, it's advisable to restrict access to port 5405, implement network segmentation, and monitor for unusual broadcast activity.
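One way to monitor port 5405 while updates are pending, as an added example that is not from the article or from NetSupport: a triage pass over firewall flow records that reports every source outside the approved management range that contacted TCP 5405. The record format, the allowlisted subnet, the fan-out threshold (used here as a stand-in for "unusual broadcast activity") and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

NSM_PORT = 5405  # TCP port the article names for NetSupport Manager
# Assumption: only these management consoles should reach clients on 5405.
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.5.0/28")]
FANOUT_THRESHOLD = 3  # assumption: distinct destinations before flagging fan-out

# Constructed sample records: timestamp src dst dport proto action
SAMPLE_FLOWS = """\
2025-08-01T09:00:01Z 10.10.5.4 10.20.1.15 5405 tcp allow
2025-08-01T09:00:02Z 10.10.5.4 10.20.1.16 5405 tcp allow
2025-08-01T09:03:10Z 10.30.7.22 10.20.1.15 5405 tcp allow
2025-08-01T09:03:10Z 10.30.7.22 10.20.1.16 5405 tcp allow
2025-08-01T09:03:11Z 10.30.7.22 10.20.1.17 5405 tcp allow
2025-08-01T09:04:00Z 10.30.7.22 10.20.1.17 443 tcp allow
2025-08-01T09:05:00Z 192.0.2.50 10.20.1.15 5405 tcp deny
malformed line
"""

def parse_flow(line):
    """Parse one record; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _ts, src, dst, dport, proto, action = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower(), action.lower())
    except ValueError:
        return None

def triage(text):
    """Summarise TCP 5405 traffic from sources outside ALLOWED_SOURCES."""
    seen = defaultdict(lambda: {"dests": set(), "reached": False})
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, dport, proto, action = flow
        if proto != "tcp" or dport != NSM_PORT:
            continue
        if any(src in net for net in ALLOWED_SOURCES):
            continue  # expected management traffic
        seen[str(src)]["dests"].add(str(dst))
        seen[str(src)]["reached"] |= action == "allow"  # firewall let it through
    return {s: {"dest_count": len(e["dests"]), "reached": e["reached"],
                "fanout": len(e["dests"]) >= FANOUT_THRESHOLD}
            for s, e in seen.items()}
```

A source with `reached` set got through the firewall and points to a gap in the port 5405 restriction; `fanout` marks one source touching many clients in the window.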