Main Vulnerability Database Vulnerabilities #VU130245

Insecure Operation on Windows Junction / Mount Point in Norton Secure VPN - CVE-2025-58074

Published: May 6, 2026

Vulnerability identifier: #VU130245

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-58074

CWE-ID: CWE-1386

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Norton Secure VPN

Software vendor:
Gen Digital

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions during the installation of Norton Secure VPN via the Microsoft Store, which leads to security restrictions bypass and privilege escalation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2276

Insecure Operation on Windows Junction / Mount Point in Norton Secure VPN - CVE-2025-58074

Description

Remediation

External links

Please verify you're human