CVE-2025-5941

Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine.

CVSS

No CVSS.

References

Link	Resource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-001

Configurations

No configuration.

History

14 Aug 2025, 13:11

Type	Values Removed	Values Added
Summary		(es) Netskope recibe una notificación sobre una posible vulnerabilidad en su agente (Cliente NS) que podría provocar una fuga de memoria al enviar un paquete DNS manipulado a una máquina. Una explotación exitosa podría requerir privilegios administrativos en la máquina, según la configuración exacta. Una explotación exitosa podría provocar una fuga de memoria controlable por el usuario en un nombre de dominio almacenado en la máquina local.

14 Aug 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 05:15

Updated : 2025-08-14 13:11

NVD link : CVE-2025-5941

Mitre link : CVE-2025-5941

CVE.ORG link : CVE-2025-5941

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-5941", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@netskope.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-14T05:15:26.827", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-001", "source": "psirt@netskope.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@netskope.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine."}, {"lang": "es", "value": "Netskope recibe una notificaci\u00f3n sobre una posible vulnerabilidad en su agente (Cliente NS) que podr\u00eda provocar una fuga de memoria al enviar un paquete DNS manipulado a una m\u00e1quina. Una explotaci\u00f3n exitosa podr\u00eda requerir privilegios administrativos en la m\u00e1quina, seg\u00fan la configuraci\u00f3n exacta. Una explotaci\u00f3n exitosa podr\u00eda provocar una fuga de memoria controlable por el usuario en un nombre de dominio almacenado en la m\u00e1quina local."}], "lastModified": "2025-08-14T13:11:53.633", "sourceIdentifier": "psirt@netskope.com"}