{"id":17220,"date":"2025-08-15T00:53:07","date_gmt":"2025-08-15T00:53:07","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=17220"},"modified":"2025-08-15T00:53:07","modified_gmt":"2025-08-15T00:53:07","slug":"multiple-ztna-products-authentication-bypass","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2025\/08\/15\/multiple-ztna-products-authentication-bypass\/","title":{"rendered":"Multiple ZTNA Products Authentication Bypass"},"content":{"rendered":"

What is the Vulnerability?A series of critical vulnerabilities affecting leading zero trust platforms – Zscaler, Netskope, and Check Point (Perimeter 81) – have been disclosed following a seven-month research campaign by security researchers David Cash and Richard Warren. These flaws include authentication bypasses, privilege escalation, and hardcoded credentials, significantly weakening the core security assumptions of zero-trust environments.Zscaler (CVE-2025-54982): The most severe flaw is CVE-2025-54982, which affects Zscaler\u2019s SAML authentication mechanism. The vulnerability arises from the improper verification of cryptographic signatures in Zscaler’s SAML authentication mechanism, allowing attackers to craft forged SAML assertions and bypass authentication, thereby posing a significant risk to data integrity and confidentiality.\u00a0Netskope: Multiple client-side vulnerabilities were discovered. CVE-2024-7401 allows unauthorized client enrollment by abusing static, non-rotatable \u201cOrgKey\u201d tokens. Additional pending CVEs describe: Cross-organization user impersonation using shared OrgKey values and a Privilege escalation issue.\u00a0\u00a0Check Point (Perimeter 81): Check Point\u2019s Perimeter 81 platform suffers from a critical vulnerability involving hard-coded SFTP credentials. These credentials grant unauthorized access to client log files and JWT authentication tokens across multiple tenants, violating zero-trust isolation principles. No CVE has been assigned at this time.What is the recommended Mitigation?There is currently no confirmed in-the-wild exploitation, but public disclosure and high-risk potential suggest that proof-of-concept (PoC) attacks are likely imminent. Due to the low attack complexity and high severity, exploitation in the wild is considered highly probable in the near term.Zscaler has released a patch for CVE-2025-54982, and it has been remediated in all Zscaler Clouds. Customers are strongly advised to update the SAML authentication module, enforce strict digital signature validation, and rotate credentials that may have been exposed. Zscaler TrustNetskope has issued an advisory for CVE-2024-7401. NSKPSA-2024-001 – NetskopeCheck Point has not yet issued a patch or advisory for the vulnerability in Perimeter 81. Until a fix is available, customers should rotate any hardcoded or shared SFTP credentials, restrict SFTP access, and monitor access logs for anomalous activity.\u00a0What FortiGuard Coverage is available?FortiGuard Labs is currently analyzing the vulnerabilities and monitoring for indicators of compromise (IOCs). Signature detections and threat Signal will be updated as information becomes available.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"

What is the Vulnerability?A series of critical vulnerabilities affecting leading zero trust platforms – Zscaler, Netskope, and Check Point (Perimeter 81) – have been disclosed following a seven-month research campaign by security researchers David Cash and Richard Warren. These flaws include authentication bypasses, privilege escalation, and hardcoded credentials, significantly weakening the core security assumptions of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-17220","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t