Conversation
talosvulns

Talos Vulnerability Reports

New vulnerability report from Talos:

Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2276

CVE-2025-58074
1
1
0
wdormann@infosec.exchange

Will Dormann

Reply to @talosvulns

@talosvulns

during the installation

Aren't pretty much all installers vulnerable in some way during the installation process?

1
2
0
jernej__s@infosec.exchange

Jernej Simončič �

Reply to @wdormann@infosec.exchange

@wdormann @talosvulns Not normally – this specific installer reads and deletes files and folders from world-writable locations (and follows directory junctions, which can be created by unprivileged users).

0
1
0
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.