Skip to main content

Trend Micro CVE-2025-52521

| EUVD-2025-21040 HIGH
Windows Shortcut Following (.LNK) (CWE-64)
2025-07-10 security@trendmicro.com
Privilege Escalation Path Traversal Trend Micro Maximum Security 2022
7.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:28 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
17.8.1476
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-21040
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
CVE Published
Jul 10, 2025 - 19:15 nvd
HIGH 7.8

DescriptionNVD

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

AnalysisAI

Trend Micro Security 17.8 for consumer platforms contains a local privilege escalation vulnerability via improper symlink handling (CWE-64: Improper Link Resolution Before File Access) that allows a local attacker with limited privileges to delete or modify critical Trend Micro system files without user interaction. The vulnerability affects Trend Micro Security 17.8 specifically and carries a CVSS 3.1 score of 7.8 (High) with local attack vector; KEV status, EPSS score, and active exploitation data are not provided in available sources, limiting real-world risk quantification.

Technical ContextAI

This vulnerability exploits improper symlink (symbolic link) resolution in the Trend Micro Security application's file handling routines. CWE-64 (Improper Link Resolution Before File Access / 'Link Following') occurs when an application fails to validate or safely handle symbolic links, allowing an attacker to redirect file operations to unintended locations. In this case, a local attacker with PR:L (low privileges, typically a standard user account) can create malicious symbolic links that the Trend Micro Security process—running with elevated privileges—will follow without validation. When the privileged process attempts to access or delete files it intends to manage, it inadvertently operates on attacker-controlled targets instead. This affects Trend Micro Security consumer product line, version 17.8, which typically runs with system-level or administrative privileges for antivirus and security operations. The AC:L (Low Attack Complexity) and UI:N (No User Interaction) factors indicate the exploit requires no special conditions or social engineering.

RemediationAI

  1. IMMEDIATE: Update Trend Micro Security to the latest available version (post-17.8 patch release expected from Trend Micro; typically 17.9 or later hotfix). 2. VENDOR ADVISORY: Consult Trend Micro's official security advisory for CVE-2025-52521 at https://www.trendmicro.com/en_us/about/security.html (check support portal for specific patch details). 3. TEMPORARY MITIGATIONS (pending patch): Restrict local user account privileges where feasible; disable Trend Micro file integrity monitoring or automatic file deletion features if available in settings; monitor file system for suspicious symlink creation in Trend Micro working directories (e.g., C:\ProgramData\Trend Micro\). 4. POST-PATCH: Verify successful installation and confirm Trend Micro Security reports version post-17.8; perform a full system scan to ensure no files were tampered with during the vulnerability window.

Share

CVE-2025-52521 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy