Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2025-15642

CVE-2025-15642

MEDIUM6.8

Netskope Client Service Insufficient Access Controls

Published Jun 17, 2026

Modified 1 weeks ago

Details

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,.

Product Name: Netskope Client
Affected Platform: Windows
Affected Version: All version below R138

References

https://www.cve.org/CVERecord?id=CVE-2025-15642

https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-008

CVSS Analysis

CVSS v4.0

6.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

HighVI:H

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

6.8/CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Weakness Type (CWE)

Configuration

Incorrect Default Permissions

Ecosystems

Timeline

PublishedJun 17, 2026

ModifiedJun 17, 2026

CVE-2025-15642 | Mondoo Vulnerability Intelligence