Netskope Client Local Elevation of Privileges_CVE-2025-0309

6 / 10

MEDIUM

CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H

Description

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.

Basic Information

ID CVE-2025-0309

Source Netskope

Published Aug 14, 2025 at 04:35

Affected Product

Vendor Netskope

Product Netskope Client

Affected Versions Netskope Netskope Client 0

References

{
    "lastseen": "",
    "description": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.",
    "published": "2025-08-14T04:35:15.287Z",
    "modified": "2025-08-14T04:35:15.287Z",
    "type": "cve",
    "title": "Netskope Client Local Elevation of Privileges",
    "source": "Netskope",
    "references": "https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/\nhttps://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002",
    "id": "CVE-2025-0309",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Netskope Netskope Client 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Netskope Client",
    "version": "0",
    "vendor": "Netskope",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply