CVE-2025-5028

Summary

Installation file of ESET security products on Windows

allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.

Affected Software

VendorProductVersion RangeStatus
ESET, spol. s.r.oESET NOD32 Antivirus0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Internet Security0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Smart Security Premium0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Security Ultimate0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Endpoint Antivirus for Windows0 <= 12.0.2049.0affected
ESET, spol. s.r.oESET Endpoint Antivirus for Windows0 <= 11.1.2059.0affected
ESET, spol. s.r.oESET Endpoint Security for Windows0 <= 12.0.2049.0affected
ESET, spol. s.r.oESET Endpoint Security for Windows0 <= 11.1.2059.0affected
ESET, spol. s.r.oESET Small Business Security0 <= 18.1.13.0affected
ESET, spol. s.r.oESET Safe Server0 <= 18.1.13.0affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References