ESET Customer Advisory 2025-0013
August 22, 2025
Severity: Medium
Summary
ESET was made aware of a vulnerability in its security products for Windows, which has been addressed by an update of the HIPS support module. The module update was distributed and applied automatically, so our customers do not need to take action based on this advisory.
Details
The affected products did not protect their registry entries against modification through the NtRestoreKey and NtReplaceKey Windows APIs. Altering those registry entries might have prevented the ESET security products in question from starting correctly at the next system startup, or might have led to unauthorized changes in the product's configuration.
The CVE ID reserved for this vulnerability is CVE-2025-4952, with a CVSS v4.0 score of 6.8 and the following CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
To the best of our knowledge, no exploits for this vulnerability exist in the wild.
Solution
ESET fixed the missing protection against modification of registry entries via both of the mentioned APIs. The fix is available in HIPS support module 1496 and was distributed automatically to ESET customers along with the Detection engine updates. ESET customers require no action stemming from this advisory. The distribution of the module update started on May 20, 2025 for pre-release users, followed by several batches for users among the general public from June 2, 2025, with a full release on June 16, 2025.
To check the installed module versions, see "Access information about product modules in ESET small office and home products for Windows".
As previously installed products are patched by the HIPS module update, customers with an ESET product installed and regularly updated do not need to take any action stemming from this advisory.
For new installations, we recommend using the latest installers downloaded from www.eset.com or the ESET repository.
Affected ESET products
- ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate
- ESET Small Business Security and ESET Safe Server
- ESET Endpoint Antivirus and ESET Endpoint Security for Windows
- ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server)
- ESET Mail Security for Microsoft Exchange Server
- ESET Mail Security for IBM Domino
- ESET Security for Microsoft SharePoint Server
- ESET File Security for Microsoft Azure
NOTE: ESET product versions that have reached End of Life might not be listed.
Feedback & Support
If you have feedback or questions about this issue, contact us using the ESET Security Forum, or via local ESET Technical Support.
Acknowledgment
ESET values the principles of coordinated disclosure within the security industry and would like to express our thanks to Freddy Ouzan (@falsneg) of UpSight Security.
Version log
Version 1.0 (August 22, 2025): Initial version of this document