CVE-2019-25343
Insecure File Permissions in NextVPN 4.10 Enables Privilege Escalation
Publication date: 2026-02-12
Last updated on: 2026-02-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextvpn | nextvpn | 4.10 |
| nextvpn | nextvpn | to 4.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25343 is an insecure file permissions vulnerability found in NextVPN version 4.10 and earlier. Due to incorrect permission settings during installation, local users with limited privileges can modify executable files by having full access rights to them.
This vulnerability allows attackers to replace legitimate system executables with malicious files. When these replaced executables are run, the attacker can escalate their privileges to SYSTEM or Administrator level without requiring user interaction.
How can this vulnerability impact me? :
This vulnerability can lead to local privilege escalation on affected systems running NextVPN 4.10 or earlier. An attacker with local access can exploit the insecure file permissions to replace critical executable files with malicious versions.
By doing so, the attacker gains SYSTEM or Administrator privileges, which allows them to fully control the system, compromise confidentiality, integrity, and availability of data, and potentially execute arbitrary code with the highest system privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the file and folder permissions of the NextVPN installation directory and its executable files. Specifically, you want to verify if the executables have insecure permissions that grant full control to users with limited privileges.
A suggested command to detect insecure permissions on Windows systems is the use of the icacls command to list the permissions of the relevant executable files.
- Run `icacls` on the NextVPN installation directory and executables, for example: `icacls C:\Path\To\NextVPN\*.exe`
- Check if the output shows that the logged-in user or non-administrative users have full control permissions over these executables.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves correcting the file and folder permissions of the NextVPN installation directory and its executables to restrict unauthorized modification.
Ensure that only SYSTEM and Administrators have full control permissions, and remove full control permissions from standard or limited users.
Additionally, consider replacing any potentially modified executables with clean, trusted versions to prevent execution of malicious files.
If possible, update NextVPN to a version later than 4.10 where this vulnerability is fixed.