Description
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.
Published: 2026-05-04
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A low‑privilege user can replace or delete files during the installation of Norton Secure VPN via the Microsoft Store. This flaw allows the user to remove critical files that the installer expects to be present, potentially enabling the installation of malicious components or the bypass of integrity checks. The outcome is an elevation of privileges, giving the attacker higher system access than originally granted.

Affected Systems

The vulnerability affects Gen Digital’s Norton Secure VPN when installed through the Microsoft Store. No specific version ranges are disclosed, so any deployment using the Microsoft Store installer should be considered vulnerable until a patch is applied.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, indicating high severity. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. However, the attack requires local access during installation, meaning a regular user with installation rights can trigger the flaw. If exploited, the attacker can gain elevated privileges on the host system.

Generated by OpenCVE AI on May 4, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or update for Norton Secure VPN released by Gen Digital.
  • Reinstall Norton Secure VPN from the official Microsoft Store after ensuring the latest version is installed.
  • Limit installation rights for regular users and enable policies that restrict Microsoft Store app installations if possible.

Generated by OpenCVE AI on May 4, 2026 at 14:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Gen Digital
Gen Digital norton Secure Vpn
Vendors & Products Gen Digital
Gen Digital norton Secure Vpn

Mon, 04 May 2026 15:30:00 +0000

Type Values Removed Values Added
References

Mon, 04 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation During Norton Secure VPN Installation via Microsoft Store

Mon, 04 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.
Weaknesses CWE-1386
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Gen Digital Norton Secure Vpn
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-05-04T17:00:12.404Z

Reserved: 2025-09-19T13:36:50.208Z

Link: CVE-2025-58074

cve-icon Vulnrichment

Updated: 2026-05-04T14:44:32.529Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-04T14:16:28.480

Modified: 2026-05-04T15:22:52.850

Link: CVE-2025-58074

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T16:05:59Z

Weaknesses