CVE-2025-15641

Summary

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s)

  • Product Name: Netskope Client
  • Affected Platform: Windows
  • Affected Version: All version below R138

Affected Software

VendorProductVersion RangeStatus
NetskopeNetskope Client0 < 138affected

Weaknesses

  • CWE-782: CWE-782 Exposed IOCTL with insufficient access control

Workarounds

No workaround available

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References