Cyber Resilience

CVE-2019-25343

HighPublic PoCLPE

Published: 12 February 2026

Published
12 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0011 1.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25343 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Vm3Max (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2019-25343 is an insecure file permissions vulnerability (CWE-732) in NextVPN 4.10. The flaw allows local users to modify executable files that grant full access rights, enabling unauthorized alterations to system executables.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N). By replacing legitimate system executables with malicious ones, the attacker can achieve privilege escalation to SYSTEM or Administrator levels, resulting in high impacts to confidentiality, integrity, and availability (CVSS:3.1 score of 7.8).

Advisories from VulnCheck detail the insecure file permissions issue in NextVPN, while Exploit-DB hosts an exploit at https://www.exploit-db.com/exploits/47831. Security practitioners should review these references, including https://www.vulncheck.com/advisories/nextvpn-insecure-file-permissions and https://vm3max.site, for mitigation guidance and patch information.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Insecure file permissions (CWE-732) on executables directly enables local privilege escalation by allowing replacement of system binaries.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22676Shared CWE-732
CVE-2019-25344Shared CWE-732
CVE-2026-26101Shared CWE-732
CVE-2025-33088Shared CWE-732
CVE-2025-21325Shared CWE-732
CVE-2025-12985Shared CWE-732
CVE-2026-25112Shared CWE-732
CVE-2025-22454Shared CWE-732
CVE-2026-8110Shared CWE-732
CVE-2024-55411Shared CWE-732

Affected Assets

Vm3Max
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prevents unauthorized modification of executable programs, directly mitigating the insecure file permissions that allow replacement of system executables with malicious ones.

prevent

Mandates secure configuration settings including restrictive file permissions on executables to prevent low-privileged local users from modifying them.

prevent

Enforces least privilege to restrict low-privileged local users from accessing or modifying critical system executables.

References