CVE-2025-5028 MEDIUM

CVE-2025-5028: Arbitrary file deletion vulnerability in ESET product installers

Vendor Eset, Spol. S.r.o
Product ESET NOD32 Antivirus
Weakness CWE-269
Published July 11, 2025
Last update July 11, 2025

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.

Key dates

02Disclosure timeline

July 11, 2025 CVE published
July 11, 2025 Record updated