CVE-2025-58074
Published: 04 May 2026
Summary
CVE-2025-58074 is a high-severity Insecure Operation on Windows Junction / Mount Point (CWE-1386) vulnerability in Norton Secure VPN (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-11 (User-installed Software).
Deeper analysis
CVE-2025-58074 is a privilege escalation vulnerability affecting the installation process of Norton Secure VPN when downloaded via the Microsoft Store. During installation, a low-privilege user can replace files, potentially leading to the deletion of arbitrary files and subsequent elevation of privileges. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-1386.
A low-privilege local user can exploit this vulnerability by interfering with the file replacement mechanism during the Norton Secure VPN installation from the Microsoft Store. Successful exploitation allows the attacker to delete arbitrary files, which can result in privilege escalation, granting higher-level access on the affected system and enabling confidentiality, integrity, and availability impacts.
Mitigation details and additional technical information are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209612
Vulnerability details
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of…
more
privileges.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation via abuse of installer file replacement mechanism, matching Exploitation for Privilege Escalation.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly addresses the privilege escalation vulnerability by identifying, reporting, and correcting the file replacement issue in the Norton Secure VPN installation process.
Restricting or prohibiting user-installed software prevents execution of the vulnerable Norton Secure VPN installation from the Microsoft Store that allows low-privilege file replacement.
Least privilege enforcement limits low-privilege users' ability to replace files during installation, mitigating the path to arbitrary file deletion and privilege escalation.