Vulnerability Description
Insufficient validation of the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server that presents a TLS certificate signed by a public CA, and specially crafted responses from that server can then be used to elevate privileges.
References
- https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effo
- https://www.netskope.com/company/security-compliance-and-assurance/security-advi
FAQ
What is CVE-2025-0309?
CVE-2025-0309 is a documented vulnerability. Insufficient validation of the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to...
How severe is CVE-2025-0309?
CVSS scoring is not yet available for CVE-2025-0309. Check NVD for updates.
Is there a patch for CVE-2025-0309?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.