Search criteria
4 vulnerabilities by ESET, spol. s.r.o
CVE-2025-3716 (GCVE-0-2025-3716)
Vulnerability from cvelistv5 – Published: 2026-03-30 07:30 – Updated: 2026-03-30 15:19
VLAI
Title
User enumeration in ESET Protect (on-prem)
Summary
User enumeration in ESET Protect (on-prem) via Response Timing.
Severity
CWE
- CWE-204 - Observable response discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.eset.com/changelogs/?product=protect… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ESET, spol. s.r.o | ESET Protect (on-prem) | Unaffected: 12.1.1.0 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T15:18:46.243056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:19:53.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESET Protect (on-prem)",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"status": "unaffected",
"version": "12.1.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User enumeration in ESET Protect (on-prem) via\u0026nbsp;Response Timing."
}
],
"value": "User enumeration in ESET Protect (on-prem) via\u00a0Response Timing."
}
],
"impacts": [
{
"capecId": "CAPEC-172",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-172 Manipulate Timing and State"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable response discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T07:30:30.707Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://help.eset.com/changelogs/?product=protect\u0026lang=en-US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User enumeration in ESET Protect (on-prem)",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2025-3716",
"datePublished": "2026-03-30T07:30:30.707Z",
"dateReserved": "2025-04-16T08:51:43.823Z",
"dateUpdated": "2026-03-30T15:19:53.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13176 (GCVE-0-2025-13176)
Vulnerability from cvelistv5 – Published: 2026-01-30 12:18 – Updated: 2026-02-02 16:32
VLAI
Title
Local privilege escalation in ESET Inspect Connector for Windows
Summary
Planting a custom configuration file in ESET Inspect Connector allows loading of a malicious DLL.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ESET, spol. s.r.o | ESET Inspect Connector | Affected: 0 , ≤ 2.8.5555 (custom) | |
Date Public
2026-01-30 11:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T14:14:03.211249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:32:58.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ESET Inspect Connector",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "2.8.5555",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-01-30T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlanting a custom configuration file\u003c/span\u003e\n\nin \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eESET Inspect Connector\u003c/span\u003e\u0026nbsp;allow\u0026nbsp;l\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eoad a malicious DLL.\u003c/span\u003e"
}
],
"value": "Planting a custom configuration file\n\nin \n\nESET Inspect Connector\u00a0allow\u00a0load a malicious DLL."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T12:18:58.271Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://support.eset.com/en/ca8910-eset-customer-advisory-local-privilege-escalation-vulnerability-fixed-in-eset-inspect-connector-for-windows"
}
],
"source": {
"advisory": "ca8910",
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation in ESET Inspect Connector for Windows",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2025-13176",
"datePublished": "2026-01-30T12:18:58.271Z",
"dateReserved": "2025-11-14T10:56:49.669Z",
"dateUpdated": "2026-02-02T16:32:58.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2425 (GCVE-0-2025-2425)
Vulnerability from cvelistv5 – Published: 2025-07-18 09:20 – Updated: 2025-07-18 11:37
VLAI
Title
TOCTOU race condition vulnerability in ESET products on Windows
Summary
Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.
Severity
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| ESET, spol. s.r.o | ESET NOD32 Antivirus | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Internet Security | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Smart Security Premium | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Security Ultimate | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Endpoint Antivirus for Windows | Affected: 0 , ≤ 12.0.2049.0 (custom); Affected: 0 , ≤ 11.1.2059.0 (custom) | |
| ESET, spol. s.r.o | ESET Endpoint Security for Windows | Affected: 0 , ≤ 12.0.2049.0 (custom); Affected: 0 , ≤ 11.1.2059.0 (custom) | |
| ESET, spol. s.r.o | ESET Small Business Security | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Safe Server | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Server Security for Windows Server | Affected: 0 , ≤ 12.0.12004.0 (custom); Affected: 0 , ≤ 11.1.12009.1 (custom) | |
| ESET, spol. s.r.o | ESET Mail Security for Microsoft Exchange Server | Affected: 0 , ≤ 12.0.10003.0 (custom); Affected: 0 , ≤ 11.1.10011.0 (custom) | |
| ESET, spol. s.r.o | ESET Security for Microsoft SharePoint Server | Affected: 0 , ≤ 12.0.15004.0 (custom); Affected: 0 , ≤ 11.1.15003.0 (custom) | |
Date Public
2025-07-16 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T11:36:44.282751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T11:37:03.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESET NOD32 Antivirus",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Internet Security",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Smart Security Premium",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Security Ultimate",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Endpoint Antivirus for Windows",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.2049.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.2059.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Endpoint Security for Windows",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.2049.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.2059.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Small Business Security",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Safe Server",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Server Security for Windows Server",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.12004.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.12009.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Mail Security for Microsoft Exchange Server",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.10003.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.10011.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Security for Microsoft SharePoint Server",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.15004.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.15003.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-16T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTime-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.\u003c/span\u003e"
}
],
"value": "Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T09:20:52.051Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://support.eset.com/en/ca8840-eset-customer-advisory-toctou-race-condition-vulnerability-in-eset-products-on-windows-fixed"
}
],
"source": {
"advisory": "ca8840",
"discovery": "UNKNOWN"
},
"title": "TOCTOU race condition vulnerability in ESET products on Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2025-2425",
"datePublished": "2025-07-18T09:20:52.051Z",
"dateReserved": "2025-03-17T14:49:00.303Z",
"dateUpdated": "2025-07-18T11:37:03.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5028 (GCVE-0-2025-5028)
Vulnerability from cvelistv5 – Published: 2025-07-11 06:40 – Updated: 2025-07-11 16:11
VLAI
Title
Arbitrary file deletion vulnerability in ESET product installers
Summary
The installation file of ESET security products on Windows allows an attacker to misuse it to delete an arbitrary file without having the permissions to do so.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| ESET, spol. s.r.o | ESET NOD32 Antivirus | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Internet Security | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Smart Security Premium | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Security Ultimate | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Endpoint Antivirus for Windows | Affected: 0 , ≤ 12.0.2049.0 (custom); Affected: 0 , ≤ 11.1.2059.0 (custom) | |
| ESET, spol. s.r.o | ESET Endpoint Security for Windows | Affected: 0 , ≤ 12.0.2049.0 (custom); Affected: 0 , ≤ 11.1.2059.0 (custom) | |
| ESET, spol. s.r.o | ESET Small Business Security | Affected: 0 , ≤ 18.1.13.0 (custom) | |
| ESET, spol. s.r.o | ESET Safe Server | Affected: 0 , ≤ 18.1.13.0 (custom) | |
Date Public
2025-07-09 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:11:20.838647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T16:11:55.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESET NOD32 Antivirus",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Internet Security",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Smart Security Premium",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Security Ultimate",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Endpoint Antivirus for Windows",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.2049.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.2059.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Endpoint Security for Windows",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "12.0.2049.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.2059.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Small Business Security",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESET Safe Server",
"vendor": "ESET, spol. s.r.o",
"versions": [
{
"lessThanOrEqual": "18.1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-09T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstallation file of ESET security products on Windows \n\nallow an attacker to misuse\u0026nbsp;to delete an arbitrary file without having the permissions to do so.\u003c/span\u003e"
}
],
"value": "Installation file of ESET security products on Windows \n\nallow an attacker to misuse\u00a0to delete an arbitrary file without having the permissions to do so."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T06:40:28.636Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://support.eset.com/en/ca8838-arbitrary-file-deletion-vulnerability-in-eset-product-installers-on-windows-fixed"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file deletion vulnerability in ESET product installers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2025-5028",
"datePublished": "2025-07-11T06:40:28.636Z",
"dateReserved": "2025-05-21T09:28:16.965Z",
"dateUpdated": "2025-07-11T16:11:55.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}