CVE-2025-0309

Netskope Client Local Elevation of Privileges

Description

Insufficient validation of the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. Because of this insufficient validation, Netskope Client will connect to any other server presenting a TLS certificate signed by a public CA, and that server can send specially crafted responses to elevate privileges.

Remediation

Solution:

  • Update the Netskope Client to version 129.0.0 or newer

Workaround:

  • There are multiple configurations which can mitigate and reduce potential exposure:
    • Block connection/access to any new domain or URLs from NS Client apart from goskope.com
    • Use EDR tools to monitor connections from NS Client to any random domains and block them
    • Monitor for addition of any self-signed certificates in the operating system certificate store
    • Monitor the status of NS Client

Category

CVSS 4.0 score: 6.0 (Severity: Medium)
EPSS: 0.01%
Vendor Advisory: netskope.com
Affected: Netskope Netskope Client

Frequently Asked Questions

What is the severity of CVE-2025-0309?
CVE-2025-0309 has been scored as a medium severity vulnerability.
How to fix CVE-2025-0309?
To fix CVE-2025-0309: Update the Netskope Client to version 129.0.0 or newer
Is CVE-2025-0309 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2025-0309 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0309?
CVE-2025-0309 affects Netskope Netskope Client.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.