CVE-2025-2425

Summary

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.

Affected Software

VendorProductVersion RangeStatus
ESET, spol. s.r.oESET NOD32 Antivirus0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Internet Security0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Smart Security Premium0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Security Ultimate0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Endpoint Antivirus for Windows0 <= 12.0.2049.0affected
ESET, spol. s.r.oESET Endpoint Antivirus for Windows0 <= 11.1.2059.0affected
ESET, spol. s.r.oESET Endpoint Security for Windows0 <= 12.0.2049.0affected
ESET, spol. s.r.oESET Endpoint Security for Windows0 <= 11.1.2059.0affected
ESET, spol. s.r.oESET Small Business Security0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Safe Server0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Server Security for Windows Server0 <= 12.0.12004.0affected
ESET, spol. s.r.oESET Server Security for Windows Server0 <= 11.1.12009.1affected
ESET, spol. s.r.oESET Mail Security for Microsoft Exchange Server0 <= 12.0.10003.0affected
ESET, spol. s.r.oESET Mail Security for Microsoft Exchange Server0 <= 11.1.10011.0affected
ESET, spol. s.r.oESET Security for Microsoft SharePoint Server0 <= 12.0.15004.0affected
ESET, spol. s.r.oESET Security for Microsoft SharePoint Server0 <= 11.1.15003.0affected

Weaknesses

  • CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References