Recent research has unveiled significant security vulnerabilities in Zero Trust Network Access (ZTNA) solutions from leading providers, including Zscaler, NetSkope, and Check Point. These flaws could potentially allow unauthorized access to corporate networks, posing serious risks to sensitive data and system integrity.
Authentication Bypass Vulnerabilities
One of the most critical issues identified is the presence of authentication bypass vulnerabilities. In Zscaler’s implementation, a flaw tracked as CVE-2025-54982 was discovered, where the platform failed to validate that SAML assertions were correctly signed. This oversight enables attackers to impersonate legitimate users without proper credentials, granting them access to internal corporate resources.
Similarly, NetSkope’s system exhibited vulnerabilities in its Identity Provider (IdP) enrollment mode, previously documented as CVE-2024-7401. Despite being known for over 16 months, many organizations continue to use this insecure configuration, leaving them susceptible to unauthorized access. Additionally, NetSkope’s architecture allows for cross-organization user impersonation when attackers possess specific non-revocable values, facilitating authentication bypass across different tenants.
Privilege Escalation and Cross-Tenant Data Exposure
Beyond authentication issues, the research highlighted privilege escalation vulnerabilities that could compromise endpoint security. NetSkope’s client contains a flaw that allows attackers to achieve SYSTEM-level access by manipulating the client to communicate with a rogue server. This vulnerability underscores how ZTNA clients can become vectors for local system compromise.
Check Point’s Perimeter 81 service was found to have a hard-coded SFTP key vulnerability, providing unauthorized access to an SFTP server containing client logs from multiple tenants. These logs include JWT material that could facilitate authentication against the Perimeter 81 service, representing a significant cross-tenant data exposure risk.
Implications for Organizations
As organizations increasingly adopt ZTNA solutions to replace traditional VPNs, these discoveries underscore the importance of rigorous security validation and vendor accountability. The vulnerabilities identified highlight the need for continuous monitoring and updating of security protocols to protect corporate network infrastructure from sophisticated threat actors.
