Cyber Resilience

CVE-2025-58074

High

Published: 04 May 2026

Published
04 May 2026
Modified
29 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0013 2.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-58074 is a high-severity Insecure Operation on Windows Junction / Mount Point (CWE-1386) vulnerability in Norton Secure VPN (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-11 (User-installed Software).

Deeper analysis

CVE-2025-58074 is a privilege escalation vulnerability affecting the installation process of Norton Secure VPN when downloaded via the Microsoft Store. During installation, a low-privilege user can replace files, potentially leading to the deletion of arbitrary files and subsequent elevation of privileges. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-1386.

A low-privilege local user can exploit this vulnerability by interfering with the file replacement mechanism during the Norton Secure VPN installation from the Microsoft Store. Successful exploitation allows the attacker to delete arbitrary files, which can result in privilege escalation, granting higher-level access on the affected system and enabling confidentiality, integrity, and availability impacts.

Mitigation details and additional technical information are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276.

EU & UK References

Vulnerability details

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of…

more

privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via abuse of installer file replacement mechanism, matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Norton
Secure VPN
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the privilege escalation vulnerability by identifying, reporting, and correcting the file replacement issue in the Norton Secure VPN installation process.

prevent

Restricting or prohibiting user-installed software prevents execution of the vulnerable Norton Secure VPN installation from the Microsoft Store that allows low-privilege file replacement.

prevent

Least privilege enforcement limits low-privilege users' ability to replace files during installation, mitigating the path to arbitrary file deletion and privilege escalation.

References