CVE-2025-58074

Description

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Norton Secure VPN (通过Microsoft Store安装版本)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# This is a conceptual PoC demonstrating the race condition exploit.
import os
import time

# Simulating the vulnerable installation process scenario
def simulate_vulnerable_installation():
    install_path = "C:\\Program Files\\NortonVPN\\config.cfg"
    target_system_file = "C:\\Windows\\System32\\critical.dll"
    
    print(f"[*] Installer creating file: {install_path}")
    # Installer (High Privilege) creates a file
    with open(install_path, 'w') as f:
        f.write("default_config")

    # Attacker (Low Privilege) detects the file and races to replace it
    print("[!] Low-privilege user detects file and attempts replacement...")
    
    # In a real exploit, the attacker would replace this with a symlink (Junction)
    # pointing to a system file to force the installer to delete/overwrite it.
    try:
        # For simulation, we just rename/move, but real attack uses os.symlink or junctions
        if os.path.exists(install_path):
            print(f"[+] Replacing {install_path} with symlink to {target_system_file}")
            # os.remove(install_path) # Step 1: Remove original
            # os.symlink(target_system_file, install_path) # Step 2: Create symlink
            print("[*] If successful, the next installer operation affects the system file.")
    except Exception as e:
        print(f"[-] Exploit failed: {e}")

if __name__ == "__main__":
    simulate_vulnerable_installation()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-58074
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-58074
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-58074/
[4] VulDB https://vuldb.com/cve/CVE-2025-58074
[5] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276
[6] https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2276

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-58074", "sourceIdentifier": "[email protected]", "published": "2026-05-04T14:16:28.480", "lastModified": "2026-05-04T15:22:52.850", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1386"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276", "source": "[email protected]"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2276", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}