CVE-2019-25343 HIGH

CVE-2019-25343: NextVPN 4.10 - Insecure File Permissions

Vendor Vm3Max
Product NextVPN
Weakness CWE-732
Published February 12, 2026
Last update February 12, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.

Key dates

02Disclosure timeline

February 12, 2026 CVE published
February 12, 2026 Record updated