CVE-2025-58074

CVE	CVE-2025-58074
State	PUBLISHED
Assigner	talos
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-04 14:16:28 UTC
Updated	2026-05-04 15:22:52 UTC
Description	A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Primary CVSS: v3.1 8.8 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.000130000 probability, percentile 0.021030000 (date 2026-05-05)

Problem Types: CWE-1386 | CWE-1386 CWE-1386: Insecure Operation on Windows Junction / Mount Point

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	8.8	HIGH	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`
3.1	CNA	DECLARED	8.8	HIGH	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Source	Vendor	Product	Version	Platforms
CNA	Gen Digital	Norton Secure VPN	affected 6.5.0.59	Not specified

Reference	Source	Link	Tags
talosintelligence.com/vulnerability_reports/TALOS-2025-2276	[email protected]	talosintelligence.com
www.talosintelligence.com/vulnerability_reports/TALOS-2025-2276	af854a3a-2127-422b-91ae-364da2661108	www.talosintelligence.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: Discovered by KPC of Cisco Talos. (en)

There are currently no legacy QID mappings associated with this CVE.