CVE-2025-0309
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H
Summary
An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Netskope | Netskope Client | 0 < 129.0.0 | affected |
Weaknesses
Workarounds
There are multiple configurations which can mitigate and reduce potential exposure:
Block connection/access to any new domain or URLs to NS Client apart from goskope.com
Use EDR tools to monitor connections from NS Client to any random domains and block it
Monitor for addition of any self signed certificates in operating system certificate store
- Monitor the status of NS Client
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/
- https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.