CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Analysis
This is a local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer): insecure link following allows a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), it poses a significant risk to consumer systems, where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Technical Context
The vulnerability is rooted in CWE-64 (Improper Control of Generation of Code), which in this context manifests as insecure link/symlink following. Trend Micro Security (CPE likely: cpe:2.3:a:trendmicro:security:17.8:*:*:*:consumer:*:*:*) fails to properly validate symbolic links or shortcut targets before performing file operations with elevated privileges. When a low-privileged user (PR:L) triggers file deletion or maintenance operations, the product follows attacker-controlled links to delete arbitrary privileged files owned by or trusted by Trend Micro processes running at system/administrator level. This is a classic privilege escalation via link-following, where the trust boundary between user-writable directories and privileged operations is not properly maintained.
Affected Products
Trend Micro Security version 17.8 (Consumer variant). The CPE string is likely: cpe:2.3:a:trendmicro:security:17.8:*:*:*:consumer:*:*:*
Affected configurations include Windows systems (most likely) running Trend Micro Security 17.8 in consumer/personal edition. Enterprise editions and older/newer versions may differ in vulnerability status; vendor advisories should confirm scope. No specific vendor advisory URL was provided in the source data; consult Trend Micro's official security bulletins and support pages for patch availability and detailed affected-version lists.
Remediation
Immediate:
(1) Update Trend Micro Security to version 18.0 or later (patch version not specified in provided data; consult Trend Micro support portal).
(2) Verify the installed version via Control Panel > Programs and Features or Trend Micro's agent console.
Interim mitigations (pending patch deployment):
(3) Restrict local system access to trusted users only; disable guest accounts and limit service account privileges.
(4) Audit file permissions on Trend Micro installation directories (typically C:\Program Files\Trend Micro or equivalent) to ensure they are not writable by unprivileged users.
(5) Monitor for symbolic links or shortcuts in user-writable directories (%TEMP%, %APPDATA%) that target Trend Micro files.
(6) Run Trend Micro services with minimal required privileges (already standard but verify).
Refer to Trend Micro's official security advisory for patch download links and detailed remediation steps; this information was not included in the provided source data.
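The monitoring in step (5) can be scripted in PowerShell. This is an added example, not Trend Micro tooling or part of the original advisory; the install root is the typical path named above, and the function and variable names are assumptions chosen for illustration.

```powershell
# Added example: flag symlinks, junctions and .lnk shortcuts in user-writable
# folders whose target lies inside the Trend Micro install tree.
# Assumption: default install root; change it if the product lives elsewhere.
$ProtectedRoot = 'C:\Program Files\Trend Micro'
# Current user's %TEMP% and %APPDATA%; to cover every profile, run elevated
# and point this at the per-user AppData folders instead.
$ScanRoots = @($env:TEMP, $env:APPDATA) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Test-UnderRoot([string]$Path, [string]$Root) {
    # True when $Path equals $Root or sits below it (case-insensitive).
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Link targets may carry a \\?\ or \??\ prefix; drop it before comparing.
    $p = ($Path -replace '^\\[\\?]\?\\', '').TrimEnd('\')
    $r = $Root.TrimEnd('\')
    return $p.Equals($r, [StringComparison]::OrdinalIgnoreCase) -or
           $p.StartsWith($r + '\', [StringComparison]::OrdinalIgnoreCase)
}

$wsh = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

$findings = foreach ($root in $ScanRoots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $kind = $null
            $targets = @()
            if ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                # Symbolic link or junction; Target is empty for other
                # reparse types (for example cloud placeholders).
                $kind = $_.LinkType
                $targets = @($_.Target)
            } elseif ($_.Extension -ieq '.lnk') {
                $kind = 'Shortcut'
                $targets = @($wsh.CreateShortcut($_.FullName).TargetPath)
            }
            foreach ($t in $targets) {
                if (Test-UnderRoot $t $ProtectedRoot) {
                    [pscustomobject]@{ Kind = $kind; Link = $_.FullName; Target = $t }
                }
            }
        }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No links into '$ProtectedRoot' found under: $($ScanRoots -join ', ')" }
```

Any hit deserves a look at who created the link and when, since ordinary software has little reason to place links to the product's files in these folders.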
EUVD-2025-18561