CVE-2025-15641
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
A vulnerability has been identified in the Netskope Client for Windows systems that allows a malicious insider with administrative privileges to tamper with the client IOCTL by sending crafted requests to the driver. A successful exploit can lead to bypassing all anti-tampering protections for NSClient.
Risk Assessment
The organization may face serious security threats as a malicious insider could gain access to sensitive data or systems, bypassing protections.
Recommendation
It is recommended to update the Netskope Client to version R138 or later to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

