CVE-2019-25343

HIGH

NextVPN 4.10 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25343. PoCs published by SajjadBnd.

AI-analyzed exploit summary The exploit demonstrates insecure file permissions in NextVPN v4.10, allowing an attacker to replace service binaries with malicious executables for privilege escalation. The PoC includes detailed file permission listings and a clear exploitation method.

Description

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

Exploits (1)

exploitdb WORKING POC
by SajjadBnd · textlocalwindows
https://www.exploit-db.com/exploits/47831

The exploit demonstrates insecure file permissions in NextVPN v4.10, allowing an attacker to replace service binaries with malicious executables for privilege escalation. The PoC includes detailed file permission listings and a clear exploitation method.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: NextVPN v4.10
No auth needed
Prerequisites: Local access to the system · Ability to write files to the NextVPN installation directory
devstral-2 · analyzed Feb 17, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47831
Various Sources product
https://vm3max.site

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 1.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-732
Status published
Products (1)
Vm3Max/NextVPN 4.10
Published Feb 12, 2026
Tracked Since Feb 18, 2026