CVE-2025-13818
Local Privilege Escesion via Insecure Batch Execution in ESET Agent
Publication date: 2026-02-06
Last updated on: 2026-02-18
Assigner: ESET
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eset | management_agent | to 12.5.2104.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2025-13818 vulnerability is a local privilege escalation issue in the ESET Management Agent for Windows. It occurs because temporary batch files used during command execution are stored in a predictable and writable location on the Windows filesystem.
An attacker with local Administrator privileges can modify these temporary batch files to alter the commands being executed. This allows the attacker to execute code with SYSTEM-level privileges, effectively escalating their privileges from Administrator to SYSTEM.
The vulnerability arises from insecure handling of these temporary batch files during command execution initiated via the ESET PROTECT Web Console.
How can this vulnerability impact me? :
This vulnerability allows an attacker who already has local Administrator access to escalate their privileges to SYSTEM level, which is the highest level of privilege on a Windows system.
With SYSTEM privileges, the attacker can execute arbitrary code with full control over the affected system, potentially leading to unauthorized access, modification, or destruction of data, installation of persistent malware, or disruption of system operations.
Although exploitation requires Administrator access, the impact is significant because it allows bypassing of privilege restrictions and gaining complete control over the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure handling of temporary batch files stored in a predictable and writable location on the Windows filesystem by the ESET Management Agent. Detection involves verifying the version of the ESET Management Agent installed on your system.
You can check the installed version of the ESET Management Agent via the ESET PROTECT Web Console to determine if it is affected (versions 12.5.2104.0 and earlier are vulnerable).
No specific commands for detecting the vulnerability or scanning for malicious modifications to temporary batch files are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately verify your ESET Management Agent version using the ESET PROTECT Web Console.
If your version is 12.5.2104.0 or earlier, upgrade the ESET Management Agent to version 13.0.1400.0 or later, where the issue has been fixed by enhancing the security of file operations during command execution.
For new installations, always use the latest installers from ESETβs official sources to ensure you have the patched version.