Race Condition Vulnerability in ESET Security Software
CVE-2025-2425

5.1MEDIUM

Key Information:

Vendor: Eset, Spol. S.r.o
Status: Eset Nod32 Antivirus; Eset Internet Security; Eset Smart Security Premium; Eset Security Ultimate
Vendor: CVE Published:; 18 July 2025

🔔 Create Eset, Spol. S.r.o Vulnerability Alert

What is CVE-2025-2425?

A race condition vulnerability exists in ESET security products, potentially allowing an attacker to manipulate the installed software. This vulnerability arises during the time gap between checking the security status and executing a command, which could enable unauthorized removal of file content within the file system. This issue impacts multiple ESET security offerings, creating significant concerns for users regarding system integrity and data protection.

Affected Version(s)

ESET Endpoint Antivirus for Windows 0 <= 12.0.2049.0

ESET Endpoint Antivirus for Windows 0 <= 11.1.2059.0

ESET Endpoint Security for Windows 0 <= 12.0.2049.0

References

https://support.eset.com/en/ca8840-eset-customer-advisory...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2025
Vulnerability Reserved
Mar 17, 2025