Critical Flaws Exposed in ZTNA Products at DEF CON 33

In a startling revelation at DEF CON 33 held in Las Vegas, cybersecurity researchers from AmberWolf uncovered critical vulnerabilities in Zero Trust Network Access (ZTNA) products from major vendors like Zscaler, Netskope, and Check Point. These findings have sent shockwaves through the industry, as ZTNA solutions are often marketed as secure alternatives to traditional VPNs, promising robust protection for remote access to corporate resources. The exposed flaws, which include authentication bypasses and privilege escalation risks, challenge the very foundation of trust that these platforms are built upon. With organizations increasingly relying on ZTNA to safeguard sensitive data and critical infrastructure, the implications of these discoveries are profound. This alarming scenario raises urgent questions about the reliability of such technologies and the measures needed to protect against potential exploits. As the cybersecurity landscape continues to evolve, these revelations serve as a stark reminder of the persistent challenges in securing modern network access solutions.

Unveiling Severe Security Gaps

At the heart of the AmberWolf research, presented by experts David Cash and Richard Warren, lies a series of high-severity vulnerabilities that strike at the core of ZTNA architectures. Over a meticulous seven-month investigation, the team identified critical issues such as a SAML authentication bypass in Zscaler’s platform, cataloged as CVE-2025-54982, where digitally signed assertions failed to undergo proper validation. Similarly, Netskope’s systems were found to harbor flaws involving non-revocable “OrgKey” values, enabling attackers to impersonate legitimate users through vulnerabilities like CVE-2024-7401 and others pending designation. Check Point’s Perimeter 81 also revealed alarming weaknesses, with hard-coded SFTP credentials exposing sensitive client logs and authentication data across multiple tenants. These discoveries not only breach data isolation but also erode the trust organizations place in these solutions to secure their networks against unauthorized access.

The broader impact of these vulnerabilities cannot be overstated, as they directly undermine the security promises of ZTNA platforms. Unlike traditional VPN flaws that often affect perimeter defenses, these issues penetrate deeper, allowing attackers to gain access to internal resources without valid credentials. The risk is amplified by widespread insecure configurations, particularly in Netskope’s deployments, where evidence suggests many organizations remain exposed despite known exploitation by bug bounty hunters over an extended period. For businesses that have transitioned to ZTNA as a cornerstone of their remote work strategies, this serves as a critical warning. The complexity of securing such platforms is evident in the diversity of flaws uncovered, ranging from authentication failures to multi-tenant data exposure. This situation demands a reevaluation of how trust mechanisms are implemented and maintained in environments where security is paramount.

Challenges in Vendor Transparency and Response

Another significant concern arising from the AmberWolf findings is the inconsistency in how vendors address and disclose these vulnerabilities. While Zscaler has formally issued a CVE for their SAML authentication flaw, providing some level of transparency, Netskope maintains a policy of not assigning CVEs for server-side issues, leaving organizations with less clarity on the risks they face. Check Point’s vulnerability in Perimeter 81, meanwhile, lacks any formal CVE designation, further complicating efforts to assess and mitigate potential threats. This disparity in disclosure practices creates a fragmented landscape where businesses struggle to understand the full scope of their exposure. Without standardized reporting, the ability to prioritize and address critical security gaps is severely hampered, leaving many at risk of undetected exploitation by malicious actors.

The lack of uniform vendor response also highlights a systemic challenge within the cybersecurity industry. Even when vulnerabilities are identified, the persistence of exploitable methods—such as Netskope’s continued support for flawed authentication mechanisms—demonstrates a gap in accountability and urgency. For organizations relying on ZTNA solutions to protect sensitive operations, this inconsistency can be a significant blind spot. The research underscores a consensus among experts that rigorous, ongoing security testing is essential, particularly as reliance on these technologies grows. Beyond individual vendor actions, there is a pressing need for industry-wide standards to ensure transparency and prompt remediation. Only through collaborative efforts can the trust in ZTNA platforms be restored, enabling businesses to confidently secure their digital environments against evolving threats.

Moving Forward with Enhanced Scrutiny

Reflecting on the events at DEF CON 33, the exposure of critical flaws in ZTNA products from leading vendors served as a pivotal moment for the cybersecurity community. The detailed findings by AmberWolf researchers illuminated significant gaps that had previously gone unnoticed, prompting a much-needed dialogue about the reliability of trust-based architectures. These discoveries underscored the reality that even advanced solutions are not immune to severe vulnerabilities, challenging the assumptions many organizations held about their security posture.

Looking ahead, the path to resolution lies in actionable steps and heightened accountability. Vendors must prioritize comprehensive security testing and adopt consistent disclosure practices to ensure organizations are fully informed of risks. Simultaneously, businesses adopting ZTNA solutions should implement robust monitoring and regularly update configurations to mitigate potential exploits. Industry collaboration will be key in establishing stricter standards for developing and deploying next-generation remote access technologies, ensuring that trust is not just promised but proven through rigorous validation.
