The seven-month investigation revealed that organizations relying on these “next-generation” security solutions may face significantly greater risks than traditional VPN deployments.
The research team identified multiple high-severity vulnerabilities across major ZTNA vendors.
In Zscaler’s implementation, researchers discovered CVE-2025-54982, a SAML authentication bypass vulnerability where the system failed to validate that SAML assertions were properly signed.
This flaw enabled complete authentication bypass, granting attackers access to both web proxies and “Private Access” services that route traffic to internal enterprise resources.
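The class of check whose absence is described above, as an added example that is not from the article, the researchers, or any vendor's code: a service provider refuses a SAML response unless its single assertion carries its own signature covering that assertion's ID. It assumes a policy that requires assertion-level signatures; the function and class names are hypothetical, and the gate is structural only, so cryptographic verification against the pinned IdP certificate must still follow.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class UnsignedAssertion(ValueError):
    """Raised when a response must be rejected before any session is created."""

def signed_assertion_id(response_xml: str) -> str:
    """Return the ID of the single assertion that carries its own signature.

    Structural gate only: the caller still has to verify the signature value
    against the IdP certificate it has pinned, using a vetted XML-DSig library.
    """
    if "<!DOCTYPE" in response_xml:
        raise UnsignedAssertion("DTDs are not allowed in SAML messages")
    root = ET.fromstring(response_xml)
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise UnsignedAssertion(f"expected 1 assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise UnsignedAssertion("assertion has no ID")
    # The signature must be a direct child of the assertion it protects.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        raise UnsignedAssertion("assertion is not signed")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if [r.get("URI") for r in refs] != ["#" + assertion_id]:
        raise UnsignedAssertion("signature does not cover this assertion")
    if not (sig.findtext("ds:SignatureValue", "", NS) or "").strip():
        raise UnsignedAssertion("empty SignatureValue")
    return assertion_id

# Constructed sample messages (not captured traffic; signature value is a dummy).
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion ID="a1">')
_TAIL = "<saml:Subject/></saml:Assertion></samlp:Response>"
_SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo>'
        '<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>')
SIGNED = _HEAD + _SIG + _TAIL
UNSIGNED = _HEAD + _TAIL
```

Passing this gate does not make an assertion trustworthy; it only guarantees that an unsigned or mis-referenced assertion never reaches session creation.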
Netskope suffered from two distinct authentication bypass vulnerabilities.
The first involved an authentication bypass in Identity Provider (IdP) enrollment mode, while the second enabled arbitrary cross-organization user impersonation when attackers obtained a non-revocable “OrgKey” value alongside any enrollment key.
Additionally, researchers identified a local privilege escalation vulnerability (CVE pending) that allowed attackers to achieve SYSTEM-level privileges by coercing the Netskope client to communicate with a rogue server.
Check Point’s Perimeter 81 solution exposed a hard-coded SFTP key vulnerability, providing unauthorized access to an SFTP server containing client logs from multiple tenants, including files with JWT (JSON Web Token) material that could facilitate authentication against the service.
The authentication bypass vulnerabilities represent the most critical findings, as they provide attackers with complete access to internal network resources without legitimate credentials.
When successful exploitation occurs, attackers gain the ability to impersonate any user within the target organization, accessing both external web resources through corporate proxies and internal infrastructure through Private Access tunnels.
Particularly concerning is Netskope’s continued support for an authentication method they have publicly documented as exploitable since CVE-2024-7401 was reported in 2024.
Despite being aware of in-the-wild exploitation by bug bounty hunters, many organizations continue operating in this vulnerable configuration as of August 2025, approximately 16 months after initial disclosure.
The research highlights significant disparities in vendor transparency regarding security vulnerabilities.
While Zscaler issued CVE-2025-54982 for their SAML authentication bypass, Netskope consistently refuses to issue CVEs for server-side vulnerabilities, raising questions about organizational risk assessment capabilities.
The UK National Cyber Security Centre’s February 2025 guidance on digital forensics and protective monitoring specifications emphasizes the critical importance of logging standards and forensic data acquisition requirements for network devices.
Organizations outsourcing traffic management to ZTNA vendors must demand clear assurances that these standards are met and that server-side vulnerabilities receive transparent disclosure, enabling proper risk evaluation and incident response capabilities.
The post Critical Flaws Found in Zero Trust Network Access Products from Check Point, Zscaler, and NetSkope appeared first on Cyber Security News.