CVE-2025-2425

MEDIUM

ESET NOD32 Antivirus < 18.1.13.0 - Time-of-check Time-of-use Race Condition

Title source: llm

Description

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.

References (1)

Core 1

Core References

Various Sources

https://support.eset.com/en/ca8840-eset-customer-advisory-toctou-race-condition-vulnerability-in-eset-products-on-windows-fixed

Scores

CVSS v4 5.1

EPSS 0.0010

EPSS Percentile 0.9%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-367

Status published

Products (16)

ESET, spol. s.r.o/ESET Endpoint Antivirus for Windows < 11.1.2059.0

ESET, spol. s.r.o/ESET Endpoint Antivirus for Windows < 12.0.2049.0

ESET, spol. s.r.o/ESET Endpoint Security for Windows < 11.1.2059.0

ESET, spol. s.r.o/ESET Endpoint Security for Windows < 12.0.2049.0

ESET, spol. s.r.o/ESET Internet Security < 18.1.13.0

ESET, spol. s.r.o/ESET Mail Security for Microsoft Exchange Server < 11.1.10011.0

ESET, spol. s.r.o/ESET Mail Security for Microsoft Exchange Server < 12.0.10003.0

ESET, spol. s.r.o/ESET NOD32 Antivirus < 18.1.13.0

ESET, spol. s.r.o/ESET Safe Server < 18.1.13.0

ESET, spol. s.r.o/ESET Security for Microsoft SharePoint Server < 11.1.15003.0

... and 6 more

Published Jul 18, 2025

Tracked Since Feb 18, 2026