CVE-2025-2425

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.

CVSS

No CVSS.

References

Link	Resource
https://support.eset.com/en/ca8840-eset-customer-advisory-toctou-race-condition-vulnerability-in-eset-products-on-windows-fixed

Configurations

No configuration.

History

22 Jul 2025, 13:06

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de condición de ejecución de tiempo de verificación a tiempo de uso potencialmente permitió que un atacante usara el software de seguridad ESET instalado para borrar el contenido de un archivo arbitrario en el sistema de archivos.

18 Jul 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-18 10:15

Updated : 2025-07-22 13:06

NVD link : CVE-2025-2425

Mitre link : CVE-2025-2425

CVE.ORG link : CVE-2025-2425

JSON object : View

Products Affected

No product.

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2025-2425", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@eset.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-18T10:15:30.050", "references": [{"url": "https://support.eset.com/en/ca8840-eset-customer-advisory-toctou-race-condition-vulnerability-in-eset-products-on-windows-fixed", "source": "security@eset.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@eset.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system."}, {"lang": "es", "value": "La vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tiempo de verificaci\u00f3n a tiempo de uso potencialmente permiti\u00f3 que un atacante usara el software de seguridad ESET instalado para borrar el contenido de un archivo arbitrario en el sistema de archivos."}], "lastModified": "2025-07-22T13:06:27.983", "sourceIdentifier": "security@eset.com"}