CVE-2025-4952
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: ESET

Description
Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-4952
EUVD
EUVD-2025-37347
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
eset smart_security_premium *
eset small_business_security *
eset mail_security *
eset security_ultimate *
eset security_for_microsoft_sharepoint_server *
eset safe_server *
eset nod32_antivirus *
eset endpoint_antivirus *
eset endpoint_security *
eset internet_security *
eset file_security_for_microsoft_azure *
eset server_security *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-4952 is a medium-severity denial-of-service vulnerability in ESET security products for Windows. It occurs because certain registry entries are not sufficiently protected against modification through Windows APIs NtRestoreKey and NtReplaceKey. An attacker with high privileges can exploit this to alter these registry entries, which may prevent the ESET products from starting correctly after a system reboot or cause unauthorized changes to the product's configuration. [1]

Impact Analysis

If exploited, this vulnerability can prevent ESET security products from starting properly after a system restart or allow unauthorized changes to the product's configuration. This could reduce the effectiveness of your security software, potentially leaving your system less protected against threats. [1]

Detection Guidance

This vulnerability involves tampering with specific registry entries related to ESET security products via Windows APIs NtRestoreKey and NtReplaceKey. Detection would involve checking for unauthorized modifications to these registry entries or failures of ESET products to start correctly after reboot. However, no specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

To mitigate this vulnerability, ensure your ESET security products are updated to include the Host-based Intrusion Prevention System (HIPS) support module version 1496 or later. This update provides enhanced protection against registry modifications via the affected APIs. Customers with regularly updated ESET products do not need to take any additional action. For new installations, use the latest installers from ESET’s official sources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-4952. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart