CVE-2025-15642

Summary

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,.

  • Product Name: Netskope Client
  • Affected Platform: Windows
  • Affected Version: All version below R138

Affected Software

VendorProductVersion RangeStatus
NetskopeNetskope Client0 < 138affected

Weaknesses

  • CWE-276: CWE-276 Incorrect default permissions

Workarounds

No workaround available

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References