CVE-2019-25343

HIGH

NextVPN 4.10 - Privilege Escalation

Title source: llm

Description

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

Exploits (1)

exploitdb WORKING POC

by SajjadBnd · textlocalwindows

https://www.exploit-db.com/exploits/47831

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47831

[Various Sources] https://vm3max.site

[Third Party Advisory] https://www.vulncheck.com/advisories/nextvpn-insecure-file-permissions

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (1)

Vm3Max/NextVPN 4.10

Published Feb 12, 2026

Tracked Since Feb 18, 2026