NordVPN were exposed to vulnerabilities that could have allowed hackers to execute arbitrary code with administrator privileges on computers running Windows.
The bugs, CVE-2018-395 were discovered by Cisco Talos security researchers which is similar to another security flaw discovered in March by security consulting firm VerSprite.
NordVPN had released patches to fix the original vulnerability.
It was still possible to execute code as an administrator albeit through a exploit.
The initial vulnerability was due to OpenVPN being able to select a malicious file when choosing a VPN configuration.
They use OpenVPN's open-source software to set up secure connections from one point to another.
The vulnerability had already been fixed.
Source: https://www.pcmag.com/news/protonvpn-nordvpn-patch-windows-bug
"id": "NOR024301022",
"linkid": "nord-vpn",
"type": "Vulnerability",
"date": "09/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"