{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0309", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "state": "PUBLISHED", "assignerShortName": "Netskope", "dateReserved": "2025-01-07T14:23:56.898Z", "datePublished": "2025-08-14T04:35:15.287Z", "dateUpdated": "2025-08-15T12:58:27.857Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Netskope Client", "vendor": "Netskope", "versions": [{"lessThan": "129.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Richard Warren"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."}], "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2025-08-14T04:35:15.287Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/"}, {"tags": ["vendor-advisory"], "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the Netskope Client to version 129.0.0 or newer"}], "value": "Update the Netskope Client to version 129.0.0 or newer"}], "source": {"advisory": "NSKPSA-2025-002", "discovery": "EXTERNAL"}, "title": "Netskope Client Local Elevation of Privileges", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are multiple configurations which can mitigate and reduce potential exposure: <br><ul><li>Block connection/access to any new domain or URLs to NS Client apart from goskope.com</li><ul><li>Use EDR tools to monitor connections from NS Client to any random domains and block it</li></ul><li>\n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n<br></li><li>Monitor the status of NS Client</li></ul><br>"}], "value": "There are multiple configurations which can mitigate and reduce potential exposure: \n * Block connection/access to any new domain or URLs to NS Client apart from goskope.com\n * Use EDR tools to monitor connections from NS Client to any random domains and block it\n\n\n * \n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n\n\n * Monitor the status of NS Client"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-15T12:26:51.060701Z", "id": "CVE-2025-0309", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:58:27.857Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-15T12:26:51.060701Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:26:54.612Z"}}], "cna": {"title": "Netskope Client Local Elevation of Privileges", "source": {"advisory": "NSKPSA-2025-002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Richard Warren"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Netskope", "product": "Netskope Client", "versions": [{"status": "affected", "version": "0", "lessThan": "129.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the Netskope Client to version 129.0.0 or newer", "supportingMedia": [{"type": "text/html", "value": "Update the Netskope Client to version 129.0.0 or newer", "base64": false}]}], "references": [{"url": "https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/", "tags": ["third-party-advisory"]}, {"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are multiple configurations which can mitigate and reduce potential exposure: \n * Block connection/access to any new domain or URLs to NS Client apart from goskope.com\n * Use EDR tools to monitor connections from NS Client to any random domains and block it\n\n\n * \n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n\n\n * Monitor the status of NS Client", "supportingMedia": [{"type": "text/html", "value": "There are multiple configurations which can mitigate and reduce potential exposure: <br><ul><li>Block connection/access to any new domain or URLs to NS Client apart from goskope.com</li><ul><li>Use EDR tools to monitor connections from NS Client to any random domains and block it</li></ul><li>\n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n<br></li><li>Monitor the status of NS Client</li></ul><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.", "supportingMedia": [{"type": "text/html", "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.", "base64": false}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2025-08-14T04:35:15.287Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0309", "state": "PUBLISHED", "dateUpdated": "2025-08-15T12:58:27.857Z", "dateReserved": "2025-01-07T14:23:56.898Z", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "datePublished": "2025-08-14T04:35:15.287Z", "assignerShortName": "Netskope"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."}, {"lang": "es", "value": "Una validaci\u00f3n insuficiente en el endpoint de conexi\u00f3n del servidor en Netskope Client permite a los usuarios locales elevar privilegios en el sistema. Esta validaci\u00f3n insuficiente permite a Netskope Client conectarse a cualquier otro servidor con certificados TLS de CA firmados p\u00fablicamente y enviar respuestas manipuladas espec\u00edficamente para elevar privilegios."}], "id": "CVE-2025-0309", "lastModified": "2025-08-15T13:15:30.470", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-14T05:15:26.690", "references": [{"source": "[email protected]", "url": "https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/"}, {"source": "[email protected]", "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}