CVE-2025-0309 MEDIUM

CVE-2025-0309: Netskope Client Local Elevation of Privileges

Vendor Netskope
Product Netskope Client
Published August 14, 2025
Last update August 15, 2025

CVSS base score

6.0/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

Insufficient validation of the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. Because of this, Netskope Client can connect to any other server that presents a TLS certificate signed by a public CA, and that server can send specially crafted responses to elevate privileges.

Key dates

02 Disclosure timeline

August 14, 2025 CVE published
August 15, 2025 Record updated