CVE-2025-15642
Received Received - Intake
Netskope Client Windows Tamper Protection Bypass via Weak DACLs

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Netskope

Description
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-15642
EUVD
EUVD-2025-210211
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netskope netskope_client to R138 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15642 is a security vulnerability in the Netskope Client for Windows systems. It arises from weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys, combined with a lack of kernel-enforced self-protection in the client.

This weakness allows a malicious insider who already has administrative privileges on the system to bypass the NSClient Tamper Protections, potentially enabling them to manipulate or disable security features of the Netskope Client.

The vulnerability affects all versions of the Netskope Client below R138, and a security patch has been released in version R138 and above to fix this issue.

Impact Analysis

This vulnerability can impact you by allowing a malicious insider with administrative privileges to bypass the NSClient Tamper Protections on the Netskope Client.

By bypassing these protections, the attacker could potentially disable or alter security controls, which may lead to unauthorized changes, reduced security monitoring, or other malicious activities on the affected Windows system.

Since the vulnerability requires administrative privileges, it primarily increases risk from insiders rather than external attackers.

Detection Guidance

The vulnerability involves weak Discretionary Access Control Lists (DACLs) on the Netskope Client service object and related registry keys, which could be inspected to detect potential misconfigurations.

However, there are no specific detection commands or tools provided in the available information to identify this vulnerability on your network or system.

Mitigation Strategies

The immediate mitigation step is to update the Netskope Client for Windows to version R138 or above, as this version contains the security patch addressing the vulnerability.

There are no available workarounds at this time, so applying the update is the recommended action to prevent exploitation.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15642. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart