CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53503 – Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53503
10 Jul 2025 — Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Junk Files Cleanup functional... • https://helpcenter.trendmicro.com/en-us/article/tmka-12951 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53378 – Trend Micro Worry-Free Business Security Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2025-53378
10 Jul 2025 — A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if ... • https://success.trendmicro.com/en-US/solution/KA-0019936 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52521 – Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-52521
08 Jul 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th... • https://helpcenter.trendmicro.com/en-us/article/tmka-18876 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52837 – Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-52837
08 Jul 2025 — Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-12946 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49214
https://notcve.org/view.php?id=CVE-2025-49214
17 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49154
https://notcve.org/view.php?id=CVE-2025-49154
17 Jun 2025 — An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49384 – Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49384
17 Jun 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t... • https://helpcenter.trendmicro.com/en-us/article/TMKA-11112 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49385 – Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49385
13 Jun 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th... • https://helpcenter.trendmicro.com/en-us/article/TMKA-18461 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48443 – Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-48443
11 Jun 2025 — Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privilege... • https://helpcenter.trendmicro.com/en-us/article/TMKA-12917 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49155 – Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49155
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One Security Agent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •