CVE-2019-25343

HIGH

NextVPN 4.10 - Privilege Escalation

Title source: llm

Description

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

Exploits (1)

exploitdb WORKING POC

by SajjadBnd · textlocalwindows

https://www.exploit-db.com/exploits/47831

View Code ZIP pw:eip

References (3)

[Various Sources] https://vm3max.site

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47831

[Third Party Advisory] https://www.vulncheck.com/advisories/nextvpn-insecure-file-permissions

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-732

Status draft

Timeline

Published Feb 12, 2026

Tracked Since Feb 18, 2026