Arbitrary File Deletion Vulnerability in ESET Security Products for Windows
CVE-2025-5028

6.8MEDIUM

Key Information:

Vendor: Eset, Spol. S.r.o
Status: Eset Nod32 Antivirus; Eset Internet Security; Eset Smart Security Premium; Eset Security Ultimate
Vendor: CVE Published:; 11 July 2025

🔔 Create Eset, Spol. S.r.o Vulnerability Alert

What is CVE-2025-5028?

ESET security products for Windows have a critical vulnerability in their installation files, enabling attackers to delete arbitrary files without necessary permissions. This flaw can jeopardize system integrity and compromise sensitive data. Users are advised to update their ESET software to the latest versions to mitigate this risk.

Affected Version(s)

ESET Endpoint Antivirus for Windows 0 <= 12.0.2049.0

ESET Endpoint Antivirus for Windows 0 <= 11.1.2059.0

ESET Endpoint Security for Windows 0 <= 12.0.2049.0

References

https://support.eset.com/en/ca8838-arbitrary-file-deletio...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025
Vulnerability Reserved
May 21, 2025