CVE-2025-2425 MEDIUM

CVE-2025-2425: TOCTOU race condition vulnerability in ESET products on Windows

Vendor Eset, Spol. S.r.o
Product ESET NOD32 Antivirus
Weakness CWE-367
Published July 18, 2025
Last update July 18, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.

Key dates

02Disclosure timeline

July 18, 2025 CVE published
July 18, 2025 Record updated

Related vulnerabilities

04Related CVE