CVE-2025-13818 – ESET Management Agent for Windows Security Update
“Security software must defend the system — not open a path to higher privileges.”
CVE-2025-13818 is a high-severity vulnerability (CVSS 7.8) affecting ESET Management Agent for Windows. The issue involves improper privilege handling within the agent service that could allow a local user to elevate privileges on the affected system.
An attacker with local access could exploit this flaw to execute code with elevated permissions, potentially gaining SYSTEM-level control. Successful exploitation could allow installation of programs, modification of security configurations, disabling of protections, or broader compromise of the endpoint. Because the Management Agent operates with high privileges and communicates with centralized management infrastructure, abuse could weaken overall enterprise security posture.
ESET has released updates to address this vulnerability in supported versions of the Management Agent for Windows.
Key Details
- Affected Product: ESET Management Agent
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- CWE Classification: CWE-367