CVE-2025-15641
Received Received - Intake
Privilege Escalation in Netskope Client for Windows

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Netskope

Description
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-15641
EUVD
EUVD-2025-210212
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netskope netskope_client to r138 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-782 The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Netskope Client for Windows involves an exposed Input/Output Control (IOCTL) interface with insufficient access controls.

A malicious insider who has administrative privileges can send specially crafted IOCTL requests to the driver, which can bypass all anti-tampering protections of the Netskope Client (NSClient).

The issue affects all versions of the Netskope Client below R138 on Windows platforms.

Impact Analysis

If exploited, this vulnerability allows a malicious insider with administrative privileges to bypass all anti-tampering protections of the Netskope Client.

This could lead to unauthorized modifications or interference with the security functions of the client, potentially compromising the security posture of the affected system.

There are no known workarounds currently, so affected systems remain vulnerable until patched.

Detection Guidance

There are no specific detection commands or methods provided to identify this vulnerability on your network or system.

The vulnerability involves a malicious insider with administrative privileges sending crafted IOCTL requests to the Netskope Client driver, which may be difficult to detect without specialized monitoring.

Mitigation Strategies

The immediate mitigation step is to upgrade the Netskope Client for Windows to version R138 or above, where the security patch addressing this vulnerability has been released.

There are no available workarounds at this time.

Additionally, Netskope recommends using security hardening options within the product to enhance tenant security.

Compliance Impact

The provided information does not specify how the vulnerability in the Netskope Client affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15641. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart