
CVE-2025-2425 – TOCTOU race condition vulnerability in ESET products on Windows
https://notcve.org/view.php?id=CVE-2025-2425
18 Jul 2025 — Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. • https://support.eset.com/en/ca8840-eset-customer-advisory-toctou-race-condition-vulnerability-in-eset-products-on-windows-fixed • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2025-5028 – Arbitrary file deletion vulnerability in ESET product installers
https://notcve.org/view.php?id=CVE-2025-5028
11 Jul 2025 — The installation file of ESET security products on Windows allows an attacker to misuse it to delete an arbitrary file without having the permissions to do so. • https://support.eset.com/en/ca8838-arbitrary-file-deletion-vulnerability-in-eset-product-installers-on-windows-fixed • CWE-269: Improper Privilege Management •

CVE-2024-11859 – DLL Search Order Hijacking in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-11859
07 Apr 2025 — DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. • https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed • CWE-427: Uncontrolled Search Path Element •

CVE-2024-6654 – Denial of Service vulnerability in ESET products for macOS
https://notcve.org/view.php?id=CVE-2024-6654
27 Sep 2024 — Products for macOS enable a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. • https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed • CWE-377: Insecure Temporary File •

CVE-2024-7400 – Local privilege escalation in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-7400
27 Sep 2024 — The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. • https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows • CWE-1386: Insecure Operation on Windows Junction / Mount Point •

CVE-2024-3779 – Denial of Service in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-3779
16 Jul 2024 — Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. • https://support.eset.com/en/ca8688 • CWE-276: Incorrect Default Permissions •

CVE-2024-2003 – Local Privilege Escalation in Quarantine of ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-2003
21 Jun 2024 — Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the ESET Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage thi... • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •

CVE-2024-0353 – Local privilege escalation in Windows products
https://notcve.org/view.php?id=CVE-2024-0353
15 Feb 2024 — Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. An attacker must first obtain the ... • https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed • CWE-269: Improper Privilege Management •

CVE-2023-7043 – Unquoted path privilege vulnerability in ESET products for Windows
https://notcve.org/view.php?id=CVE-2023-7043
31 Jan 2024 — Unquoted service path in ESET products allows dropping a prepared program to a specific location and running it on boot with the NT AUTHORITY\NetworkService permissions. • https://support.eset.com/en/ca8602 • CWE-428: Unquoted Search Path or Element •

CVE-2023-5594 – Improper following of a certificate's chain of trust in ESET security products
https://notcve.org/view.php?id=CVE-2023-5594
21 Dec 2023 — Improper validation of the server’s certificate chain in the secure traffic scanning feature considered an intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. • https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed • CWE-295: Improper Certificate Validation •