CVE-2025-4952
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: ESET
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eset | smart_security_premium | * |
| eset | small_business_security | * |
| eset | mail_security | * |
| eset | security_ultimate | * |
| eset | security_for_microsoft_sharepoint_server | * |
| eset | safe_server | * |
| eset | nod32_antivirus | * |
| eset | endpoint_antivirus | * |
| eset | endpoint_security | * |
| eset | internet_security | * |
| eset | file_security_for_microsoft_azure | * |
| eset | server_security | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-4952 is a medium-severity denial-of-service vulnerability in ESET security products for Windows. It occurs because certain registry entries are not sufficiently protected against modification through Windows APIs NtRestoreKey and NtReplaceKey. An attacker with high privileges can exploit this to alter these registry entries, which may prevent the ESET products from starting correctly after a system reboot or cause unauthorized changes to the product's configuration. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can prevent ESET security products from starting properly after a system restart or allow unauthorized changes to the product's configuration. This could reduce the effectiveness of your security software, potentially leaving your system less protected against threats. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves tampering with specific registry entries related to ESET security products via Windows APIs NtRestoreKey and NtReplaceKey. Detection would involve checking for unauthorized modifications to these registry entries or failures of ESET products to start correctly after reboot. However, no specific detection commands or tools are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure your ESET security products are updated to include the Host-based Intrusion Prevention System (HIPS) support module version 1496 or later. This update provides enhanced protection against registry modifications via the affected APIs. Customers with regularly updated ESET products do not need to take any additional action. For new installations, use the latest installers from ESETβs official sources. [1]