[CA8840] ESET Customer Advisory: TOCTOU race condition vulnerability in ESET products on Windows fixed

ESET Customer Advisory 2025-0010
July 16, 2025
Severity: Medium

Summary

A report of a time-of-check to time-of-use race condition vulnerability was submitted to ESET by Will Dormann of Vul Labs. The vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.

Details

By leveraging the properties of an NTFS file system, the attacker could use the installed ESET security software (refer to Affected products and versions below) to clear the content of an arbitrary file. This could be achieved by swapping the file handles after the detection, but before the clearing, of a file that had a duplicate of the same name.
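
The window described above is a check performed against a file name and a clearing performed later against the same name. As an added example (not ESET's code; the advisory does not disclose the shipped fix), this Python snippet shows the usual defender-side closure of that window: record the detected file's identity, open it once, and truncate only through that handle if the handle still refers to the same identity. The device/inode pair, the O_NOFOLLOW flag and the constructed scenarios in run_demo are illustration assumptions.

```python
import os
import stat
import tempfile

def file_identity(path):
    """(device, inode) of the object behind path at detection time; on NTFS
    Python fills these from the volume serial and file reference number."""
    st = os.stat(path, follow_symlinks=False)
    return (st.st_dev, st.st_ino)

def clear_detected_file(path, expected_identity):
    """Hardened pattern: open once, confirm the handle still refers to the object
    that was scanned, then clear through that same handle (never by name)."""
    # O_NOFOLLOW refuses symlinks on POSIX; os.open has no Windows equivalent
    # (CreateFileW with FILE_FLAG_OPEN_REPARSE_POINT plays that role there).
    flags = os.O_RDWR | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags)
    except OSError:
        return False
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or (st.st_dev, st.st_ino) != expected_identity:
            return False  # the name no longer denotes the detected file: do nothing
        os.ftruncate(fd, 0)
        return True
    finally:
        os.close(fd)

def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def run_demo():
    """Constructed scenarios: (a) nothing changes between detection and
    clearing; (b) the detected name is re-pointed at another file in between."""
    with tempfile.TemporaryDirectory() as d:
        a = os.path.join(d, "detected_a.bin")
        _write(a, b"malicious")
        cleared = clear_detected_file(a, file_identity(a))
        size_after = os.path.getsize(a)
        victim = os.path.join(d, "victim.txt")
        _write(victim, b"important data")
        b = os.path.join(d, "detected_b.bin")
        _write(b, b"malicious")
        ident_b = file_identity(b)
        os.replace(victim, b)  # the window between detection and clearing
        refused = clear_detected_file(b, ident_b)
        with open(b, "rb") as f:
            survived = f.read()
    return cleared, size_after, refused, survived
```

run_demo() returns (True, 0, False, b"important data"): the genuinely detected file is emptied, while the re-pointed name is left untouched because its handle no longer matches the recorded identity.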

ESET fixed this possible attack vector and prepared new builds of its products that are no longer susceptible to this vulnerability (refer to Solution below).

The CVE ID reserved for this vulnerability is CVE-2025-2425, with a CVSS v4.0 score of 5.1 and the following CVSS v4.0 vector: AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

To the best of our knowledge, no exploits for this vulnerability exist in the wild.

Solution

ESET prepared fixed builds of its security products and recommends upgrading to them or scheduling the upgrades in the near future. The fixed builds are available in the Download section of www.eset.com or via the ESET Repository.

  • ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate 18.2.14.0 and later
  • ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 12.0.2058.0, 11.1.2062.0 and later from the respective version family
  • ESET Small Business Security and ESET Safe Server 18.2.14.0 and later
  • ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server) 12.0.12005.0, 11.1.12013.0 and later from the respective version family
  • ESET Mail Security for Microsoft Exchange Server 12.0.10004.0, 11.1.10013 and later from the respective version family
  • ESET Security for Microsoft SharePoint Server 12.0.15005.0, 11.1.15005.0 and later from the respective version family

Affected products and versions

  • ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate 18.1.13.0 and earlier
  • ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 12.0.2049.0, 11.1.2059.0 and earlier from the respective version family
  • ESET Small Business Security and ESET Safe Server 18.1.13.0 and earlier
  • ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server) 12.0.12004.0, 11.1.12009.1 and earlier from the respective version family
  • ESET Mail Security for Microsoft Exchange Server 12.0.10003.0, 11.1.10011.0 and earlier from the respective version family
  • ESET Security for Microsoft SharePoint Server 12.0.15004.0, 11.1.15003.0 and earlier from the respective version family

End of Life

ESET product versions that no longer receive hotfixes according to the End of Life policy may not be listed.

Feedback & Support

If you have feedback or questions about this issue, use the ESET Security Forum or local ESET Technical Support.

Acknowledgement

ESET values the principles of coordinated disclosure within the security industry and would like to express its thanks to Will Dormann of Vul Labs.

Version log

Version 1.0 (July 16, 2025): Initial version of this document