CVE Catalog

CVE-2025-15642

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A vulnerability has been identified in the Netskope Client for Windows that allows a malicious insider with admin privileges to bypass NSClient Tamper protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys.

Risk Assessment

The organization may be exposed to unauthorized changes in the client configuration, potentially leading to data integrity loss and security breaches.

Recommendation

It is recommended to update the Netskope Client to version R138 or later and to review and strengthen the access control lists for service objects and registry keys.

Original NVD description (English source)

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

Vulnerability data from NVD (NIST) · CISA KEV · EPSS