PatchSiren cyber security CVE debrief
CVE-2025-15642 Netskope CVE debrief
A vulnerability was reported in Netskope Client for Windows, where a malicious insider with admin privileges can bypass NSClient Tamper Protections. This is due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys. The affected product is Netskope Client, and the affected platform is Windows, with all versions below R138 being vulnerable.
- Vendor
- Netskope
- Product
- Netskope Client
- CVSS
- MEDIUM 6.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Netskope Client for Windows, especially those with admin privileges, should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes reviewing system configurations, ensuring proper access controls are in place, and monitoring for suspicious activity. Additionally, organizations should consider implementing compensating controls, such as additional monitoring or access restrictions, until the patch can be applied.
Technical summary
The vulnerability exists due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys in Netskope Client for Windows. This allows a malicious insider with admin privileges to bypass NSClient Tamper Protections. The CVSS score for this vulnerability is 6.8, and the severity is classified as MEDIUM. The affected product is Netskope Client, and the affected platform is Windows, with all versions below R138 being vulnerable. To exploit this vulnerability, an attacker would need to have admin privileges and access to the affected system.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it requires admin privileges but can lead to significant security bypass.
Recommended defensive actions
- Apply the patch or update to version R138 or later of Netskope Client for Windows.
- Review and adjust DACLs on the service object and related registry keys to ensure proper access controls are in place.
- Monitor for any suspicious activity that could indicate exploitation of this vulnerability.
- Implement compensating controls, such as additional monitoring or access restrictions, until the patch can be applied.
- Review system configurations to ensure proper access controls are in place.
- Consider implementing additional security measures, such as enhanced monitoring or incident response plans.
Evidence notes
The CVE record was published on 2026-06-17T13:19:13.230Z and was last modified on 2026-06-17T16:18:58.823Z. The NVD entry is currently Awaiting Analysis. The vendor, Netskope, has provided a security advisory (NSKPSA-2025-008) related to this vulnerability.
Official resources
-
CVE-2025-15642 CVE record
CVE.org
-
CVE-2025-15642 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:13.230Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.