CVE-2025-0309

MEDIUM

Netskope Client - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-0309. PoCs published by AmberWolfCyber.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2025-0309, leveraging a custom action DLL to execute arbitrary code during installation. The exploit includes a TCP proxy for command and control, demonstrating remote code execution capabilities.

Description

Insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.

Exploits (1)

nomisec WORKING POC 3 stars
by AmberWolfCyber · poc
https://github.com/AmberWolfCyber/UpSkope

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a Windows installer or similar software)
Authentication: No auth needed
Prerequisites: Access to the target system to deploy the malicious DLL · Target software vulnerable to CVE-2025-0309
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 6.0
EPSS 0.0017
EPSS Percentile 7.0%
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-295
Status: published
Products (1): Netskope/Netskope Client < 129.0.0
Published: Aug 14, 2025
Tracked Since: Feb 18, 2026