CVE-2025-5942
epdlpdrv.sys — Netskope Endpoint DLP heap overflow causes denial of service
Summary
| Field | Value |
|---|---|
| Driver | epdlpdrv.sys (Netskope Endpoint DLP) |
| Vendor | Netskope |
| Vulnerability Class | Heap-Based Buffer Overflow |
| CVSS | 5.7 (Medium) |
| Exploited ITW | No |
| Patch Date | August 13, 2025 |
Root Cause
The epdlpdrv.sys minifilter driver never bounds-checks a user-supplied length before copying into a heap buffer. An unprivileged local user overflows that buffer, corrupts adjacent pool memory, and crashes the system.
Exploitation
An unprivileged local user sends crafted input, overflows the heap buffer, and blue-screens the machine.
DoS only, no code execution. Unlike CVE-2025-11156, no admin privileges needed.
Exploitation Primitive
Unprivileged user sends crafted input
→ heap overflow in epdlpdrv.sys
→ pool corruption → BSOD