Main Vulnerability Database Vulnerabilities #VU130245

Insecure Operation on Windows Junction / Mount Point in Norton Secure VPN - CVE-2025-58074

Published: May 6, 2026

Vulnerability identifier: #VU130245

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-58074

CWE-ID: CWE-1386

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Gen Digital

Affected software:
Norton Secure VPN

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions during the installation of Norton Secure VPN via the Microsoft Store, which leads to security restrictions bypass and privilege escalation.

How to mitigate CVE-2025-58074

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2276

Insecure Operation on Windows Junction / Mount Point in Norton Secure VPN - CVE-2025-58074

Detailed vulnerability description

How to mitigate CVE-2025-58074

Sources

Please verify you're human