CVE-2025-15642: CWE-276 Incorrect default permissions in Netskope Netskope Client
CVE-2025-15642 is a vulnerability in the Netskope Client for Windows where weak default permissions on the service object and related registry keys allow a malicious insider with administrative privileges to bypass NSClient Tamper Protections. This affects all versions prior to R138. The issue is due to incorrect Discretionary Access Control Lists (CWE-276). The vulnerability has a medium severity with a CVSS score of 6.8.
AI Analysis
Technical Summary
This vulnerability arises from incorrect default permissions (CWE-276) in the Netskope Client for Windows. Specifically, the Discretionary Access Control Lists (DACLs) on the service object and associated registry keys are weak, enabling a malicious insider with administrative privileges to bypass the NSClient Tamper Protections. The affected product is Netskope Client on Windows platforms, with all versions below R138 impacted. No official remediation or patch information is currently available.
Potential Impact
A malicious insider with administrative privileges on a Windows system running an affected version of Netskope Client can bypass NSClient Tamper Protections due to weak permissions. This could allow unauthorized modification or disabling of the client’s protections, potentially undermining the security posture of the system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Netskope advisories for updates. Until a patch is available, restricting administrative access and auditing changes to the Netskope Client service and registry keys may help reduce risk.
CVE-2025-15642: CWE-276 Incorrect default permissions in Netskope Netskope Client
Description
CVE-2025-15642 is a vulnerability in the Netskope Client for Windows where weak default permissions on the service object and related registry keys allow a malicious insider with administrative privileges to bypass NSClient Tamper Protections. This affects all versions prior to R138. The issue is due to incorrect Discretionary Access Control Lists (CWE-276). The vulnerability has a medium severity with a CVSS score of 6.8.
CVSS v4.0
Score 6.8medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from incorrect default permissions (CWE-276) in the Netskope Client for Windows. Specifically, the Discretionary Access Control Lists (DACLs) on the service object and associated registry keys are weak, enabling a malicious insider with administrative privileges to bypass the NSClient Tamper Protections. The affected product is Netskope Client on Windows platforms, with all versions below R138 impacted. No official remediation or patch information is currently available.
Potential Impact
A malicious insider with administrative privileges on a Windows system running an affected version of Netskope Client can bypass NSClient Tamper Protections due to weak permissions. This could allow unauthorized modification or disabling of the client’s protections, potentially undermining the security posture of the system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Netskope advisories for updates. Until a patch is available, restricting administrative access and auditing changes to the Netskope Client service and registry keys may help reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Netskope
- Date Reserved
- 2026-04-22T15:49:44.526Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a31ffc30b89be68889b0127
Added to database: 6/17/2026, 2:00:35 AM
Last enriched: 6/17/2026, 2:30:44 AM
Last updated: 6/17/2026, 4:58:31 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.