Vendor
A local privilege escalation vulnerability (Unquoted Service Path) in ProtonVPN v4.4.1 has a public exploit, allowing a local attacker to execute arbitrary code with 'LocalSystem' privileges by placing a malicious executable in a specific directory, which is then launched by the vulnerable 'ProtonVPN Wireguard' service upon startup or restart.