CVE-2025-5028

MEDIUM

ESET Security Products - Privilege Escalation

Title source: llm

Description

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.

References (1)

Core 1

Core References

Various Sources

https://support.eset.com/en/ca8838-arbitrary-file-deletion-vulnerability-in-eset-product-installers-on-windows-fixed

Scores

CVSS v4 6.8

EPSS 0.0012

EPSS Percentile 2.4%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (10)

ESET, spol. s.r.o/ESET Endpoint Antivirus for Windows < 11.1.2059.0

ESET, spol. s.r.o/ESET Endpoint Antivirus for Windows < 12.0.2049.0

ESET, spol. s.r.o/ESET Endpoint Security for Windows < 11.1.2059.0

ESET, spol. s.r.o/ESET Endpoint Security for Windows < 12.0.2049.0

ESET, spol. s.r.o/ESET Internet Security < 18.1.13.0

ESET, spol. s.r.o/ESET NOD32 Antivirus < 18.1.13.0

ESET, spol. s.r.o/ESET Safe Server < 18.1.13.0

ESET, spol. s.r.o/ESET Security Ultimate < 18.1.13.0

ESET, spol. s.r.o/ESET Small Business Security < 18.1.13.0

ESET, spol. s.r.o/ESET Smart Security Premium < 18.1.13.0

Published Jul 11, 2025

Tracked Since Feb 18, 2026