What is the CVSS score of CVE-2025-48443?

CVE-2025-48443 has a CVSS 3.1 base score of 6.7 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Password Manager are affected by CVE-2025-48443?

CVE-2025-48443 presents notable security risk rated CVSS 6.7. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-48443?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Password Manager CVE-2025-48443

EUVD-2025-18565 MEDIUM

Windows Shortcut Following (.LNK) (CWE-64)

2025-06-17 security@trendmicro.com

Privilege Escalation Password Manager

6.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.7 MEDIUM

AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

5.8.0.1330

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18565

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

CVE Published

Jun 17, 2025 - 21:15 nvd

MEDIUM 6.7

DescriptionCVE.org

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.

Analysis

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized.

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).