CVE-2025-0309

Netskope Client Local Elevation of Privileges

CVSS 6 MEDIUMEPSS 0.2%CWE-295

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

14 ago 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.

CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H

Productos afectados

Netskope · Netskope Client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002