CVE-2025-13818
Local Privilege Escalation via Insecure Batch Execution in ESET Agent

Publication date: 2026-02-06

Last updated on: 2026-02-18

Assigner: ESET

Description
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent
Meta Information
Published: 2026-02-06
Last Modified: 2026-02-18
Generated: 2026-06-16
AI Q&A: 2026-02-06
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
eset | management_agent | to 12.5.2104.0 (inc)
CWE
CWE ID | Description
CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Executive Summary

The CVE-2025-13818 vulnerability is a local privilege escalation issue in the ESET Management Agent for Windows. It occurs because temporary batch files used during command execution are stored in a predictable and writable location on the Windows filesystem.

An attacker with local Administrator privileges can modify these temporary batch files to alter the commands being executed. This allows the attacker to execute code with SYSTEM-level privileges, effectively escalating their privileges from Administrator to SYSTEM.

The vulnerability arises from insecure handling of these temporary batch files during command execution initiated via the ESET PROTECT Web Console.

Impact Analysis

This vulnerability allows an attacker who already has local Administrator access to escalate their privileges to SYSTEM level, which is the highest level of privilege on a Windows system.

With SYSTEM privileges, the attacker can execute arbitrary code with full control over the affected system, potentially leading to unauthorized access, modification, or destruction of data, installation of persistent malware, or disruption of system operations.

Although exploitation requires Administrator access, the impact is significant because it allows bypassing of privilege restrictions and gaining complete control over the system.

Detection Guidance

This vulnerability involves insecure handling of temporary batch files stored in a predictable and writable location on the Windows filesystem by the ESET Management Agent. Detection involves verifying the version of the ESET Management Agent installed on your system.

You can check the installed version of the ESET Management Agent via the ESET PROTECT Web Console to determine if it is affected (versions 12.5.2104.0 and earlier are vulnerable).

No specific commands for detecting the vulnerability or scanning for malicious modifications to temporary batch files are provided in the available resources.

Mitigation Strategies

To mitigate this vulnerability, immediately verify your ESET Management Agent version using the ESET PROTECT Web Console.

If your version is 12.5.2104.0 or earlier, upgrade the ESET Management Agent to version 13.0.1400.0 or later, where the issue has been fixed by enhancing the security of file operations during command execution.

For new installations, always use the latest installers from ESET’s official sources to ensure you have the patched version.
