Stratos Ally

DEF CON 33: Major Zero Trust Flaws Expose Global Enterprises


StratosAlly


Security analysts warn that countless organizations across the globe may be vulnerable to major cyber threats after the identification of several critical flaws in prominent Zero Trust Network Access (ZTNA) platforms. Disclosed by AmberWolf researchers during the DEF CON 33 briefing in Las Vegas, these flaws compromise the core trust and identity validation frameworks that underpin modern remote access solutions, raising serious alarms in industries that have quickly migrated away from legacy VPN infrastructure.

In a seven-month probe, researchers David Cash and Richard Warren uncovered authentication bypass and privilege escalation vulnerabilities in products from Zscaler, Netskope, and Check Point’s Perimeter 81. These vulnerabilities can let attackers impersonate legitimate users, bypass security controls, and reach sensitive corporate resources without valid credentials.

One of the most severe discoveries involved a SAML authentication bypass in Zscaler’s platform (CVE-2025-54982), stemming from insufficient validation of signed assertions. Netskope’s suite contained multiple high-severity flaws, including an Identity Provider (IdP) enrollment bypass (CVE-2024-7401), a cross-organization impersonation vector that exploits persistent “OrgKey” identifiers, and a local privilege escalation path through interaction with a rogue server. Netskope has publicly addressed the vulnerabilities in its authentication mechanism, yet evidence of active exploitation has persisted for more than 16 months, and numerous enterprises continue to rely on the insecure configuration rather than adopting the hardened alternative.
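The article describes the Zscaler root cause only as insufficient validation of signed assertions, so the example below is an added illustration of that failure class, not AmberWolf's or Zscaler's code. It builds a toy SAML-style verifier two ways: the weak one confirms that a signature in the document is valid but then reads the user identity from whichever Assertion appears first and never checks audience or expiry; the hardened one reads identity only from the element whose bytes it actually verified, rejects any document carrying assertions the signature does not cover, and enforces the conditions. An HMAC over the canonicalized Assertion stands in for XML-DSig (an assumption made so the script runs with the standard library alone), and the IdP key, SP entity ID, clock and assertions are all constructed.

```python
"""Added example, not AmberWolf's or any vendor's code. An HMAC over the C14N 2.0
bytes of the Assertion stands in for XML-DSig (assumption); the key, entity ID,
clock and assertions are constructed. Standard library only."""
import base64
import hashlib
import hmac
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": SAML}
ET.register_namespace("saml", SAML)
ET.register_namespace("samlp", SAMLP)
IDP_KEY = b"constructed-idp-signing-key"  # stands in for the IdP signing certificate
SP_AUDIENCE = "https://sp.example.test"   # constructed SP entity ID

def canonical(el):
    # Canonical bytes of one element; prefixes are rewritten so they cannot matter.
    return ET.canonicalize(ET.tostring(el, encoding="unicode"), rewrite_prefixes=True).encode()

def sign(assertion):
    # Detached signature: digest of the referenced element, MAC over the digest.
    digest = hashlib.sha256(canonical(assertion)).digest()
    mac = hmac.new(IDP_KEY, digest, hashlib.sha256).digest()
    sig = ET.Element("Signature")
    ref = ET.SubElement(sig, "Reference", URI="#" + assertion.get("ID"))
    ET.SubElement(ref, "DigestValue").text = base64.b64encode(digest).decode()
    ET.SubElement(sig, "SignatureValue").text = base64.b64encode(mac).decode()
    return sig

def signature_ok(sig, target):
    digest = hashlib.sha256(canonical(target)).digest()
    mac = hmac.new(IDP_KEY, digest, hashlib.sha256).digest()
    return (hmac.compare_digest(digest, base64.b64decode(sig.findtext("Reference/DigestValue", "")))
            and hmac.compare_digest(mac, base64.b64decode(sig.findtext("SignatureValue", ""))))

def find_by_id(root, el_id):
    hits = [el for el in root.iter() if el.get("ID") == el_id]
    return hits[0] if len(hits) == 1 else None  # duplicate IDs resolve to nothing

def build_response(subject, not_on_or_after):
    # Constructed IdP response carrying one signed assertion.
    root = ET.Element(f"{{{SAMLP}}}Response")
    a = ET.SubElement(root, f"{{{SAML}}}Assertion", ID="_a1")
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = subject
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", NotOnOrAfter=not_on_or_after)
    ar = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(ar, f"{{{SAML}}}Audience").text = SP_AUDIENCE
    root.append(sign(a))
    return ET.tostring(root, encoding="unicode")

def wrap(genuine_xml, forged_subject):
    # Attacker: prepend an unsigned assertion and leave the signed one untouched.
    forged = (f'<saml:Assertion ID="_evil"><saml:Subject><saml:NameID>{forged_subject}'
              "</saml:NameID></saml:Subject></saml:Assertion>")
    return genuine_xml.replace("<saml:Assertion", forged + "<saml:Assertion", 1)

def weak_verify(xml):
    # Checks that the signature is valid, then reads the identity from the first
    # assertion in the document, which need not be the signed one. Conditions are ignored.
    root = ET.fromstring(xml)
    sig = root.find("Signature")
    target = find_by_id(root, sig.find("Reference").get("URI")[1:])
    if target is None or not signature_ok(sig, target):
        raise ValueError("bad signature")
    return root.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)

def strict_verify(xml, now):
    # Identity comes only from the element whose bytes were verified; the document
    # may not carry anything the signature does not cover; conditions are enforced.
    root = ET.fromstring(xml)
    sigs = root.findall("Signature")
    if len(sigs) != 1:
        raise ValueError("expected exactly one signature")
    uri = sigs[0].find("Reference").get("URI", "")
    target = find_by_id(root, uri[1:]) if uri.startswith("#") else None
    if target is None or target.tag != f"{{{SAML}}}Assertion":
        raise ValueError("reference does not resolve to a unique Assertion")
    if not signature_ok(sigs[0], target):
        raise ValueError("bad signature")
    if root.findall(".//saml:Assertion", NS) != [target]:
        raise ValueError("document carries assertions the signature does not cover")
    cond = target.find("saml:Conditions", NS)
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        raise ValueError("assertion expired")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_AUDIENCE:
        raise ValueError("wrong audience")
    return target.findtext("saml:Subject/saml:NameID", namespaces=NS)

def demo():
    now = datetime(2025, 8, 10, tzinfo=timezone.utc)  # constructed clock
    docs = {"genuine": build_response("alice", "2025-08-11T00:00:00Z"),
            "expired": build_response("alice", "2025-08-01T00:00:00Z")}
    docs["wrapped"] = wrap(docs["genuine"], "admin")
    out = {}
    for name, doc in docs.items():
        out["weak_" + name] = weak_verify(doc)
        try:
            out["strict_" + name] = strict_verify(doc, now)
        except ValueError as e:
            out["strict_" + name] = "rejected: " + str(e)
    return out
```

Calling demo() shows the weak verifier returning "admin" for the wrapped response and "alice" for the expired one, while the strict verifier accepts only the genuine response and rejects the other two with a reason. The wrapped case is the classic XML signature wrapping shape; in a production service provider the same two properties should hold with a maintained XML-DSig library: verify against the pinned IdP certificate, and bind every claim you act on to the exact element that verification covered.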

Check Point’s Perimeter 81 was found to include a hard-coded SFTP credential flaw, enabling unauthorized access to multi-tenant client logs that contained sensitive JWT authentication tokens. This kind of cross-tenant data leakage poses substantial risks to both operational integrity and customer confidence.
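Tokens that land in a shared log export are dangerous for as long as nobody notices them, so the check a practitioner would want here is a scan of the exported lines for bearer tokens. The following is an added example, not Check Point's or AmberWolf's code: it finds JWT-shaped strings, decodes the header and claims without trusting them (no signature check, purely to see which tenant and subject each token belongs to), reports them by line, and writes a redacted copy. The log lines, tenants and tokens are constructed, and the token signatures are dummy values.

```python
"""Added example, not Check Point's or AmberWolf's code: find bearer tokens that
leaked into exported logs, report whose they are, and redact them. Log lines and
tokens are constructed; signatures are dummy values and are never verified."""
import base64
import json
import re

# Three base64url segments; "eyJ" is how a base64url-encoded '{"' begins.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def _b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, sig="ZHVtbXktc2ln"):
    # Builds a constructed token for the sample log; the signature is a dummy.
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}.{sig}"

def decode_token(token):
    # Decode header and claims without verifying; None if the match is not a JWT.
    try:
        h, p, _ = token.split(".")
        header, claims = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON are all ValueErrors
        return None
    if not isinstance(header, dict) or "alg" not in header or not isinstance(claims, dict):
        return None
    return {"alg": header["alg"], "sub": claims.get("sub"),
            "tenant": claims.get("tenant"), "exp": claims.get("exp")}

def scan(lines):
    # Returns (findings, redacted_lines). Only strings that decode as JWTs are redacted.
    findings, redacted = [], []
    for n, line in enumerate(lines, 1):
        for m in JWT_RE.finditer(line):
            info = decode_token(m.group(0))
            if info:
                findings.append({"line": n, **info})
        redacted.append(JWT_RE.sub(
            lambda m: "<jwt-redacted>" if decode_token(m.group(0)) else m.group(0), line))
    return findings, redacted

# Constructed sample of a multi-tenant log export: two tenants, two leaked tokens,
# and one JWT-looking string that is not a token.
SAMPLE_LOG = [
    "2025-08-08T14:02:11Z tenant=acme-a client=10.0.4.7 GET /api/session authorization=Bearer "
    + make_token({"alg": "HS256", "typ": "JWT"},
                 {"sub": "alice@acme-a", "tenant": "acme-a", "exp": 1754661600}),
    "2025-08-08T14:02:12Z tenant=acme-a client=10.0.4.7 200 /api/session 12ms",
    '2025-08-08T14:03:40Z tenant=beta-b client=10.9.1.3 POST /auth/refresh body={"token":"'
    + make_token({"alg": "RS256", "kid": "k1"},
                 {"sub": "svc-backup", "tenant": "beta-b", "exp": 1754665000}) + '"}',
    "2025-08-08T14:03:41Z tenant=beta-b client=10.9.1.3 trace=eyJabc.def.ghi (not a token)",
]

if __name__ == "__main__":
    found, clean = scan(SAMPLE_LOG)
    for f in found:
        print(f)
    for line in clean:
        print(line)
```

Run against the sample, the scan reports one token for tenant acme-a (subject alice@acme-a, HS256) and one for tenant beta-b (subject svc-backup, RS256), which is exactly the cross-tenant exposure the article describes: whoever can read the export holds live credentials for more than one customer. The redacted copy leaves the non-token "trace=" value alone because it does not decode to JSON. A token found this way should be treated as compromised and revoked, not merely scrubbed from the file.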

The research also highlighted uneven vendor transparency. Zscaler assigned a CVE to its vulnerability, whereas Netskope has not issued identifiers for certain server-side flaws, which makes it harder for affected organizations to track their exposure. Insecure configurations also remain common despite public security notices.

Unlike typical VPN vulnerabilities, these flaws directly erode the identity verification layer, the central “trust” element of a ZTNA system. Successful exploitation could result in complete network compromise, theft of sensitive data, and large-scale operational disruption.

Security specialists recommend that organizations using Zscaler, Netskope, or Perimeter 81 review the advisories immediately, install available patches, retire outdated authentication methods, and audit deployments for unsafe settings. To keep these platforms from becoming single points of failure, organizations are also advised to commission independent penetration testing and to reinforce their own identity validation processes.

AmberWolf’s findings reinforce a key principle of Zero Trust architecture: trust is not a one-time guarantee but must be continuously validated, even when it involves the vendors entrusted to control and secure access.
