CVE-2025-0309 (GCVE-0-2025-0309)

Vulnerability from cvelistv5 – Published: 2025-08-14 04:35 – Updated: 2025-08-15 12:58
VLAI?
Summary
An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.
Severity ?
6 (Medium)
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Vendor Product Version
Netskope Netskope Client Affected: 0 , < 129.0.0 (custom)
Create a notification for this product.
Credits
Richard Warren
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0309",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-15T12:26:51.060701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-15T12:58:27.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Netskope Client",
          "vendor": "Netskope",
          "versions": [
            {
              "lessThan": "129.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Richard Warren"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."
            }
          ],
          "value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "PHYSICAL",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T04:35:15.287Z",
        "orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
        "shortName": "Netskope"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the Netskope Client to version 129.0.0 or newer"
            }
          ],
          "value": "Update the Netskope Client to version 129.0.0 or newer"
        }
      ],
      "source": {
        "advisory": "NSKPSA-2025-002",
        "discovery": "EXTERNAL"
      },
      "title": "Netskope Client Local Elevation of Privileges",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are multiple configurations which can mitigate and reduce potential exposure: \u003cbr\u003e\u003cul\u003e\u003cli\u003eBlock connection/access to any new domain or URLs to NS Client apart from goskope.com\u003c/li\u003e\u003cul\u003e\u003cli\u003eUse EDR tools to monitor connections from NS Client to any random domains and block it\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e\n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n\u003cbr\u003e\u003c/li\u003e\u003cli\u003eMonitor the status of NS Client\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "There are multiple configurations which can mitigate and reduce potential exposure: \n  *  Block connection/access to any new domain or URLs to NS Client apart from goskope.com\n  *  Use EDR tools to monitor connections from NS Client to any random domains and block it\n\n\n  *  \n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n\n\n  *  Monitor the status of NS Client"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
    "assignerShortName": "Netskope",
    "cveId": "CVE-2025-0309",
    "datePublished": "2025-08-14T04:35:15.287Z",
    "dateReserved": "2025-01-07T14:23:56.898Z",
    "dateUpdated": "2025-08-15T12:58:27.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0309\",\"sourceIdentifier\":\"psirt@netskope.com\",\"published\":\"2025-08-14T05:15:26.690\",\"lastModified\":\"2025-08-15T13:15:30.470\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.\"},{\"lang\":\"es\",\"value\":\"Una validaci\u00f3n insuficiente en el endpoint de conexi\u00f3n del servidor en Netskope Client permite a los usuarios locales elevar privilegios en el sistema. Esta validaci\u00f3n insuficiente permite a Netskope Client conectarse a cualquier otro servidor con certificados TLS de CA firmados p\u00fablicamente y enviar respuestas manipuladas espec\u00edficamente para elevar privilegios.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@netskope.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"references\":[{\"url\":\"https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/\",\"source\":\"psirt@netskope.com\"},{\"url\":\"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002\",\"source\":\"psirt@netskope.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0309\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-15T12:26:51.060701Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-15T12:26:54.612Z\"}}], \"cna\": {\"title\": \"Netskope Client Local Elevation of Privileges\", \"source\": {\"advisory\": \"NSKPSA-2025-002\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Richard Warren\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Netskope\", \"product\": \"Netskope Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"129.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update the Netskope Client to version 129.0.0 or newer\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update the Netskope Client to version 129.0.0 or newer\", \"base64\": false}]}], \"references\": [{\"url\": \"https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are multiple configurations which can mitigate and reduce potential exposure: \\n  *  Block connection/access to any new domain or URLs to NS Client apart from goskope.com\\n  *  Use EDR tools to monitor connections from NS Client to any random domains and block it\\n\\n\\n  *  \\n\\nMonitor for addition of any self signed certificates in operating system certificate store\\n\\n\\n\\n  *  Monitor the status of NS Client\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are multiple configurations which can mitigate and reduce potential exposure: \u003cbr\u003e\u003cul\u003e\u003cli\u003eBlock connection/access to any new domain or URLs to NS Client apart from goskope.com\u003c/li\u003e\u003cul\u003e\u003cli\u003eUse EDR tools to monitor connections from NS Client to any random domains and block it\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e\\n\\nMonitor for addition of any self signed certificates in operating system certificate store\\n\\n\u003cbr\u003e\u003c/li\u003e\u003cli\u003eMonitor the status of NS Client\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"bf992f6a-e49d-4e94-9479-c4cff32c62bc\", \"shortName\": \"Netskope\", \"dateUpdated\": \"2025-08-14T04:35:15.287Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0309\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-15T12:58:27.857Z\", \"dateReserved\": \"2025-01-07T14:23:56.898Z\", \"assignerOrgId\": \"bf992f6a-e49d-4e94-9479-c4cff32c62bc\", \"datePublished\": \"2025-08-14T04:35:15.287Z\", \"assignerShortName\": \"Netskope\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.