Executive Summary
A high-severity vulnerability was discovered in Netwrix Endpoint Policy Manager Cloud Client during a routine security review. A reliance on client-side authorization controls may allow an attacker with local standard user access to trigger operations in Netwrix Endpoint Policy Manager Cloud Client that should be restricted to administrators. These operations include unregistering the endpoint, which disables Netwrix Endpoint Policy Manager policy enforcement.
Vulnerability
Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
---|---|---|---|---|---|
Authorization Bypass - Client-Side Security Controls | Netwrix Endpoint Policy Manager Cloud Client for Windows | <25.5.4276 | 8.5 | 7.8 / 7.0 | An attacker can bypass client-side authorization controls to unregister the endpoint and disable policy enforcement. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
Title | Publicly known? | Exploit available? | Actively exploited? |
---|---|---|---|
Authorization Bypass - Client-Side Security Controls | No | No | No |
Solution
All Netwrix Endpoint Policy Manager customers are advised to update Cloud Client to version 25.5.4250 or later as soon as possible.
Instructions for the Netwrix Endpoint Policy Manager Cloud Client upgrade process can be found in the following help center articles:
- Rings with Endpoint Policy Manager Cloud
- Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)
- Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for the vulnerability as indicated in the table below.
Product | Release Version |
---|---|
Netwrix Endpoint Policy Manager Cloud Client | 25.5.4276 |
FAQ
- How do I determine the current version of Netwrix Endpoint Policy Manager Cloud Client?
  The version is displayed when running `ppcloud.exe /status` or `ppcloud.exe /sync`, and in Windows “Add/Remove Programs”.
- Is Netwrix Endpoint Policy Manager (non-cloud) or Netwrix Endpoint Policy Manager Client Side Extension affected?
  No, only Netwrix Endpoint Policy Manager Cloud Client is affected by the vulnerability above.
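To run the “Add/Remove Programs” version check from the first FAQ answer on an endpoint and compare the result with the fixed release, the PowerShell below is an added example, not Netwrix code. The display-name pattern is an assumption (adjust it to the name shown on your systems); the registry paths are the standard Windows uninstall locations.

```powershell
# Added example: report whether the installed Cloud Client is below the fixed release.
param(
    # Assumption: substring of the product's "Add/Remove Programs" display name.
    [string]$NamePattern = '*Endpoint Policy Manager Cloud*',
    # Fixed release, taken from the "Official Fixes" table in this advisory.
    [version]$FixedVersion = '25.5.4276'
)

# Standard Windows uninstall locations (64-bit and 32-bit registry views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Keep only entries that match the name pattern and carry a version string.
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion }

if (-not $found) {
    Write-Output "No product matching '$NamePattern' found on $env:COMPUTERNAME."
    return
}

foreach ($entry in $found) {
    $installed = $null
    # DisplayVersion is free text; anything unparsable is flagged for manual review.
    if (-not [version]::TryParse($entry.DisplayVersion, [ref]$installed)) {
        $state = 'UNKNOWN'
    } elseif ($installed -lt $FixedVersion) {
        $state = 'AFFECTED'
    } else {
        $state = 'FIXED'
    }
    # One object per match, suitable for Export-Csv or remote collection.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Product   = $entry.DisplayName
        Installed = $entry.DisplayVersion
        FixedIn   = $FixedVersion.ToString()
        State     = $state
    }
}
```

Entries reported as `UNKNOWN` should be confirmed with `ppcloud.exe /status` on the endpoint.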
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
Revision | Date | Description |
---|---|---|
1 | 2025-06-03T12:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.