CVE-2025-5028

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.

CVSS

No CVSS.

References

Link	Resource
https://support.eset.com/en/ca8838-arbitrary-file-deletion-vulnerability-in-eset-product-installers-on-windows-fixed

Configurations

No configuration.

History

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 07:15

Updated : 2025-07-15 13:14

NVD link : CVE-2025-5028

Mitre link : CVE-2025-5028

CVE.ORG link : CVE-2025-5028

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-5028", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@eset.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T07:15:23.940", "references": [{"url": "https://support.eset.com/en/ca8838-arbitrary-file-deletion-vulnerability-in-eset-product-installers-on-windows-fixed", "source": "security@eset.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@eset.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Installation file of ESET security products on Windows \n\nallow an attacker to misuse\u00a0to delete an arbitrary file without having the permissions to do so."}, {"lang": "es", "value": "Los archivos de instalaci\u00f3n de los productos de seguridad de ESET en Windows permiten que un atacante haga un mal uso de ellos para eliminar un archivo arbitrario sin tener los permisos para hacerlo."}], "lastModified": "2025-07-15T13:14:49.980", "sourceIdentifier": "security@eset.com"}

CVE-2025-5028

JSON object

Attach tags to CVE-2025-5028

Attach tags to `CVE-2025-5028`