Error type:
CWE-269:Improper Privilege Management
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 7.0 (High)
Description:
The vulnerability was identified in Mullvad VPN, version 2025.4.
The discovered vulnerability allows an attacker to escalate privileges from a normal user to root.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 24.06.2025
Recommendations:
- Update to version 2025.7 or higher
Additional information: Security advisory, PT SWARM article
Researcher: Egor Filatov (Positive Technologies)
Identifiers:
CVE-2025-46351
BDU:2025-04871
Vendor:
Amagicom AB
Vulnerable product:
Mullvad VPN
Vulnerable versions:
2025.4