CVE-2025-58074 PUBLISHED

Assigner: talos
Reserved: 19.09.2025 Published: 04.05.2026 Updated: 04.05.2026

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Gen Digital
Product	Norton Secure VPN
Versions	Version 6.5.0.59 is affected

Credits

Discovered by KPC of Cisco Talos.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276

Problem Types

CWE-1386: Insecure Operation on Windows Junction / Mount Point CWE