CVE-2025-15642 - Vulnerability Details - OpenCVE

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-008

History

Wed, 17 Jun 2026 05:15:00 +0000

Type	Values Removed	Values Added
Description		Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138
Title		Netskope Client Service Insufficient Access Controls
Weaknesses		CWE-276
References		https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-008
Metrics		cvssV4_0 `{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Netskope

Published: 2026-06-17T01:48:39.408Z

Updated: 2026-06-17T01:48:39.408Z

Reserved: 2026-04-22T15:49:44.526Z

Link: CVE-2025-15642

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15642", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "state": "PUBLISHED", "assignerShortName": "Netskope", "dateReserved": "2026-04-22T15:49:44.526Z", "datePublished": "2026-06-17T01:48:39.408Z", "dateUpdated": "2026-06-17T01:48:39.408Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2026-06-17T01:48:39.408Z"}, "title": "Netskope Client Service Insufficient Access Controls", "datePublic": "2026-06-17T01:39:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-276", "description": "CWE-276 Incorrect default permissions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-478", "descriptions": [{"lang": "en", "value": "CAPEC-478 Modification of Windows Service Configuration"}]}], "affected": [{"vendor": "Netskope", "product": "Netskope Client", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThan": "138", "versionType": "custom"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,.\n * Product Name: Netskope Client\n * Affected Platform: Windows\n * Affected Version: All version below R138", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,.<br><ul><li>Product Name: Netskope Client</li><li>Affected Platform: Windows</li><li>Affected Version: All version below R138</li></ul></div>"}]}], "references": [{"url": "https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-008"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "workarounds": [{"lang": "en", "value": "No workaround available", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No workaround available"}]}], "solutions": [{"lang": "en", "value": "Use any of the below version of Netskope Client:\n * R138 and above\n * R135 (135.1.19.2670 and above )\n * R132 (132.0.27.2671 and above )", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use any of the below version of Netskope Client:<br><ul><li>R138 and above</li><li>R135 (135.1.19.2670 and above )</li><li>R132 (132.0.27.2671 and above )</li></ul>"}]}], "exploits": [{"lang": "en", "value": "Netskope is not aware of any active exploitation of the security issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Netskope is not aware of any active exploitation of the security issue."}]}], "credits": [{"lang": "en", "value": "Netskope credits Juan Pablo Barriga for reporting this flaw.", "type": "finder"}], "source": {"advisory": "NSKPSA-2025-008", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}