CVE Catalog

CVE-2025-15641

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability has been identified in the Netskope Client for Windows systems that allows a malicious insider with administrative privileges to tamper with the client IOCTL by sending crafted requests to the driver. A successful exploit can lead to bypassing all anti-tampering protections for NSClient.

Risk Assessment

The organization may face serious security threats as a malicious insider could gain access to sensitive data or systems, bypassing protections.

Recommendation

It is recommended to update the Netskope Client to version R138 or later to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

Vulnerability data from NVD (NIST) · CISA KEV · EPSS