{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4952", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "state": "PUBLISHED", "assignerShortName": "ESET", "dateReserved": "2025-05-19T10:36:38.958Z", "datePublished": "2025-10-31T12:28:15.267Z", "dateUpdated": "2025-10-31T14:18:16.911Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["hips"], "platforms": ["Windows"], "product": "ESET NOD32 Antivirus", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Internet Security", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Smart Security Premium", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Security Ultimate", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Small Business Security", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Safe Server", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Endpoint Antivirus", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Endpoint Security for Windows", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Server Security for Windows Server", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Mail Security for Microsoft Exchange Server", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Mail Security for IBM Domino", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET Security for Microsoft SharePoint Server", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["HIPS support module"], "product": "ESET File Security for Microsoft Azure", "vendor": "ESET", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_nod32_antivirus:1496:*:windows:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_internet_security:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_smart_security_premium:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_security_ultimate:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_small_business_security:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_safe_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_endpoint_antivirus:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_endpoint_security_for_windows:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_server_security_for_windows_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_mail_security_for_microsoft_exchange_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_mail_security_for_ibm_domino:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_security_for_microsoft_sharepoint_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_file_security_for_microsoft_azure:1496:*:*:*:*:*:*:*", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "OR"}], "datePublic": "2025-08-22T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration.</span>"}], "value": "Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration."}], "impacts": [{"capecId": "CAPEC-203", "descriptions": [{"lang": "en", "value": "CAPEC-203 Manipulate Registry Information"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2025-10-31T12:28:15.267Z"}, "references": [{"url": "https://support.eset.com/en/ca8853-eset-customer-advisory-denial-of-service-vulnerability-in-eset-security-products-for-windows-fixed"}], "source": {"advisory": "ca8853", "discovery": "UNKNOWN"}, "title": "Denial-of-service vulnerability in ESET security products for Windows", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-31T14:18:06.194469Z", "id": "CVE-2025-4952", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T14:18:16.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4952", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-31T14:18:06.194469Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T14:18:13.324Z"}}], "cna": {"title": "Denial-of-service vulnerability in ESET security products for Windows", "source": {"advisory": "ca8853", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-203", "descriptions": [{"lang": "en", "value": "CAPEC-203 Manipulate Registry Information"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ESET", "modules": ["hips"], "product": "ESET NOD32 Antivirus", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Internet Security", "versions": [{"status": "unaffected", "version": "1496"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Smart Security Premium", "versions": [{"status": "unaffected", "version": "1496"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Security Ultimate", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Small Business Security", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Safe Server", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Endpoint Antivirus", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Endpoint Security for Windows", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Server Security for Windows Server", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Mail Security for Microsoft Exchange Server", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Mail Security for IBM Domino", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET Security for Microsoft SharePoint Server", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ESET", "modules": ["HIPS support module"], "product": "ESET File Security for Microsoft Azure", "versions": [{"status": "unaffected", "version": "1496", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-08-22T10:00:00.000Z", "references": [{"url": "https://support.eset.com/en/ca8853-eset-customer-advisory-denial-of-service-vulnerability-in-eset-security-products-for-windows-fixed"}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_nod32_antivirus:1496:*:windows:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_internet_security:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_smart_security_premium:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_security_ultimate:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_small_business_security:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_safe_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_endpoint_antivirus:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_endpoint_security_for_windows:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_server_security_for_windows_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_mail_security_for_microsoft_exchange_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_mail_security_for_ibm_domino:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_security_for_microsoft_sharepoint_server:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eset:eset_file_security_for_microsoft_azure:1496:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "shortName": "ESET", "dateUpdated": "2025-10-31T12:28:15.267Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4952", "state": "PUBLISHED", "dateUpdated": "2025-10-31T14:18:16.911Z", "dateReserved": "2025-05-19T10:36:38.958Z", "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215", "datePublished": "2025-10-31T12:28:15.267Z", "assignerShortName": "ESET"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration."}], "id": "CVE-2025-4952", "lastModified": "2025-11-04T15:41:31.450", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-10-31T13:15:34.173", "references": [{"source": "[email protected]", "url": "https://support.eset.com/en/ca8853-eset-customer-advisory-denial-of-service-vulnerability-in-eset-security-products-for-windows-fixed"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "[email protected]", "type": "Secondary"}]}

{}