CVE-2025-11156

Summary

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash (Blue-Screen-of-Death) and resulting in a Denial of Service (DoS) for the affected machine.

Affected Software

VendorProductVersion RangeStatus
NetskopeNetskope Client0 < R132affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

Workarounds

EDR solutions can be leveraged to block any process attempting to create a kernel service pointing to epdlpdrv.sys driver.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References