CVE-2025-3886: CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition

5.7 CVSS

Description

An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges via a race condition (TOCTOU) in the PrivilegedHelperTool component.

Classification

CVE ID: CVE-2025-3886

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.7

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Green

Problem Types

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected Products

Vendor: Cato Networks

Product: SDP Client

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.49% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-26 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3886
https://support.catonetworks.com/hc/en-us/articles/26903049677597-Security-Vulnerability-CVE-2025-3886-that-Impacts-macOS-Client-Versions-Lower-than-5-8

Timeline