Advisory 2025-2292 - Multiple ESET Products: Vulnerability allows Denial of Service
The CTI portal is available at the following address: https://cti-portal.telekom.net/advisories/2025-2292
- Date: 2025-11-03
- Release: 2025-11-03
Operating System
- Windows
Software
- ESET Endpoint Security
- ESET NOD32 Antivirus
- ESET Server Security
Attack
A local attacker can exploit a vulnerability in ESET NOD32 Antivirus, ESET Endpoint Security and ESET Server Security in order to create a Denial of Service condition.
Description
ESET NOD32 Antivirus is an internet security solution. ESET Endpoint Security is a multi-layered, cross-platform security solution for client systems. ESET Server Security is a security solution for file servers that protects against threats such as malware.
CVE-2025-4952
A security vulnerability exists in ESET NOD32 Antivirus, ESET Endpoint Security, and ESET Server Security. The registry entries of the affected products are not protected against modification through the Windows APIs NtRestoreKey and NtReplaceKey. Modifying these registry entries can result in the affected ESET security products failing to start correctly on the next system boot, or in unauthorized changes to the product configuration. A local attacker can exploit this vulnerability to cause a denial of service.
Recommendation
ESET provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://support.eset.com/en/ca8853-eset-customer-advisory-denial-of-service-vulnerability-in-eset-security-products-for-windows-fixed
Information
ESET Customer Advisory dated 2025-11-02
https://support.eset.com/en/ca8853-eset-customer-advisory-denial-of-service-vulnerability-in-eset-security-products-for-windows-fixed
GitHub Advisory Database dated 2025-11-02
https://github.com/advisories/GHSA-M69P-R3H8-6WPR
References
- CVE: CVE-2025-4952
- EUVD: EUVD-2025-37347
Disclaimer
*The probability of an attack is determined by the attacker's motivation, the effort required and the opportunities for an attack. The damage probability is determined by the effort needed to resolve the attack and the probable indirect consequences of an attack for business processes. Telekom Security assumes worst-case scenarios.
Copyright © 1999-2025 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.
The information contained herein has been obtained from sources believed to be reliable and trusted, or has been verified. Telekom Security assumes liability for completeness, accuracy and correctness only insofar as gross negligence or intent creates liability. Any liability beyond this, in particular for possible damages resulting from the use or non-usability of the information contained herein, is excluded.