CVE-2025-0309

Summary

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.

Affected Software

VendorProductVersion RangeStatus
NetskopeNetskope Client0 < 129.0.0affected

Weaknesses

Workarounds

There are multiple configurations which can mitigate and reduce potential exposure:

  • Block connection/access to any new domain or URLs to NS Client apart from goskope.com

  • Use EDR tools to monitor connections from NS Client to any random domains and block it

Monitor for addition of any self signed certificates in operating system certificate store

  • Monitor the status of NS Client

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References