CVE-2025-58074

Summary

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Affected Software

VendorProductVersion RangeStatus
Gen DigitalNorton Secure VPN6.5.0.59affected

Weaknesses

  • CWE-1386: CWE-1386: Insecure Operation on Windows Junction / Mount Point

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References