CVE-2025-58074

HIGH 8.8

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

CWE	CWE-1386
Vendor	gen digital
Product	norton secure vpn
Published	May 4, 2026
Last Updated	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for gen digital norton secure vpn

Be the first to know when new high vulnerabilities affecting gen digital norton secure vpn are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Gen Digital / Norton Secure VPN

6.5.0.59

References

NVD ↗ CVE.org ↗ EPSS Data ↗

talosintelligence.com: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276

Credits

Discovered by KPC of Cisco Talos.