AI description
CVE-2025-0309 affects the Netskope Client. It involves insufficient validation on the server connection endpoint, which allows local users to elevate privileges on the system. The insufficient validation allows the Netskope Client to connect to other servers using Public Signed CA TLS certificates. By sending specially crafted responses, attackers can elevate their privileges.
- Description
- An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.
- Source
- psirt@netskope.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-295
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2024-36401 3 - CVE-2025-8088 4 - CVE-2025-0309 5 - CVE-2024-38399 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
28 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#AppSec #exploit Netskope Client for Windows - LPE via Rogue Server (CVE-2025-0309) https://t.co/rjbTNznxAF ]-> IPC Client and PoC exploit for CVE-2025-0309 - https://t.co/yMSrbOPBze
@ksg93rd
25 Sept 2025
87 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Finishing off the week with a writeup of CVE-2025-0309 - Netskope Windows Client LPE This was one of the bugs we demo’d in our DEF CON #ZeroTrustTotalBust talk. Also releasing a NachoVPN plugin and our 🆙skope PoC. Details on the @AmberWolfSec blog: https://t.co/HJQCVbBpb
@buffaloverflow
29 Aug 2025
6550 Impressions
22 Retweets
88 Likes
35 Bookmarks
1 Reply
2 Quotes
Netskope have released NSKPSA-2025-002 / CVE-2025-0309 for one of the privilege escalation vulnerabilities discussed during our #ZeroTrustTotalBust DEFCON talk Full writeup and PoC to follow on the @AmberWolfSec blog😉 https://t.co/wIrvDrb4gc
@buffaloverflow
14 Aug 2025
872 Impressions
3 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-0309 An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allo… https://t.co/pmaea4hGUp
@CVEnew
14 Aug 2025
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes