CVE-2025-58074
HIGHDescription
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.
Is your site exposed to CVE-2025-58074?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-58074? +
How severe is CVE-2025-58074? +
How do I check if I'm vulnerable to CVE-2025-58074? +
Related Vulnerabilities
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the …
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in …
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user …
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A …
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could …