Executive Summary
During an internal security review, vulnerabilities were identified in Netwrix Endpoint Policy Manager MacOS Cloud Client, including authorization bypass through client-side security controls and weak cryptography with hard-coded encryption keys for client certificate handling.
While Netwrix is unaware of any current exploitation of these vulnerabilities, all Netwrix Endpoint Policy Manager MacOS Cloud Client customers are advised to apply the available update immediately.
Vulnerability
| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Authorization Bypass - Client-Side Security Controls | Netwrix Endpoint Policy Manager MacOS Cloud Client | >=1.0.0.0 <25.09.0182.182 | 7.3 | 7.0 / 6.1 | Netwrix Endpoint Policy Manager MacOS Cloud Client relies on client-side authorization controls for certain high-privileged functions. This may allow an attacker with local, low-privileged access to an endpoint to unregister the endpoint from Netwrix Endpoint Policy Manager Cloud and disable policy enforcement on the endpoint. |
| Weak Cryptography - Hardcoded Encryption Key - Client certificate - At rest | Netwrix Endpoint Policy Manager MacOS Cloud Client | >=1.0.0.0 <25.09.0182.182 | 6.9 | 6.1 / 5.3 | Netwrix Endpoint Policy Manager MacOS Cloud Client stores client-specific certificates and private keys in an encrypted format using a hard-coded key. This may allow an attacker with local, low-privileged access to the endpoint to unregister the endpoint from the Netwrix Endpoint Policy Manager Cloud and cause policy synchronization failures. |
| Weak Cryptography - Hardcoded Encryption Key - Client certificate - In transit | Netwrix Endpoint Policy Manager MacOS Cloud Client | >=1.0.0.0 <25.09.0182.182 | 4.8 | 5.3 / 4.6 | During registration, Netwrix Endpoint Policy Manager MacOS Cloud Client establishes an mTLS encrypted connection with Netwrix Endpoint Policy Manager Cloud using a customer-specific certificate. As an additional layer of protection, Netwrix Endpoint Policy Manager Cloud encrypts the client-specific certificate that is created, and returned to the client, during the registration process. This encryption uses a hard-coded key. This may allow an attacker, who was in possession of the customer-specific certificate and has access to the network, to unregister the endpoint from the Netwrix Endpoint Policy Manager Cloud and cause policy synchronization failures. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Authorization Bypass - Client-Side Security Controls | No | No | No |
| Weak Cryptography - Hardcoded Encryption Key - Client certificate - At rest | No | No | No |
| Weak Cryptography - Hardcoded Encryption Key - Client certificate - In transit | No | No | No |
Solution
All Netwrix Endpoint Policy Manager MacOS Cloud Client customers are advised to apply the available update immediately. This update is essential to remediating risk from the described vulnerabilities.
The update is available in the Netwrix Endpoint Policy Manager Portal.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.
| Title | Version |
|---|---|
| Authorization Bypass - Client-Side Security Controls | 25.09.0182.182 |
| Weak Cryptography - Hardcoded Encryption Key - Client certificate - At rest | 25.09.0182.182 |
| Weak Cryptography - Hardcoded Encryption Key - Client certificate - In transit | 25.09.0182.182 |
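The following is an added example, not Netwrix code: a small triage script that classifies reported client versions against the affected range (>=1.0.0.0 <25.09.0182.182) stated in this advisory. It compares the four fields numerically, because a plain string comparison misorders versions with zero-padded fields. The CSV layout (`hostname,client_version`) and the sample rows are assumptions constructed for illustration.

```python
# Added example: triage collected client versions against the advisory's range.
import csv
import io

AFFECTED_MIN = "1.0.0.0"      # from the advisory: affected versions start here
FIXED = "25.09.0182.182"      # from the advisory: first fixed version

def parse_version(text):
    """Turn '25.09.0182.182' into (25, 9, 182, 182); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'affected', 'fixed', or 'unknown' for one reported version."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unknown"          # missing or malformed: needs a manual check
    if v >= parse_version(FIXED):
        return "fixed"
    if v >= parse_version(AFFECTED_MIN):
        return "affected"
    return "unknown"              # below the range the advisory states

def triage(inventory_csv):
    """Map hostname -> status from CSV text with 'hostname,client_version' columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["client_version"] or "") for row in reader}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """hostname,client_version
mac-001,25.09.0182.182
mac-002,25.9.100.7
mac-003,24.12.0050.3
mac-004,25.10.0001.1
mac-005,
mac-006,25.09.0182
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Endpoints reported as `unknown` have a missing or unparseable version and should be checked by hand rather than assumed patched.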
FAQ
How do I determine which version of Netwrix Endpoint Policy Manager MacOS Cloud Client is in use?
The version is available by clicking on the Netwrix Endpoint Policy Manager MacOS Cloud Client status bar icon.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
| Revision | Date | Description |
|---|---|---|
| 1 | 2025-09-16T12:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.