CVE-2025-52837

| EUVD-2025-21041 HIGH
2025-07-10 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-21041
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
CVE Published
Jul 10, 2025 - 19:15 nvd
HIGH 7.8

Tags

Privilege Escalation Password Manager

Description

Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation.

Analysis

Trend Micro Password Manager (Consumer) versions 5.8.0.1327 and below contains a privilege escalation vulnerability exploiting symbolic link following and file/folder deletion capabilities. An authenticated local attacker with low privileges can leverage this vulnerability to delete arbitrary files and escalate privileges on the affected system. While no active exploitation in the wild has been publicly confirmed as of this analysis, the local attack vector and straightforward nature of symbolic link exploitation represent meaningful risk to Password Manager users.

Technical Context

This vulnerability (CWE-64: Improper Link Following) represents a classic insecure file operation flaw where Trend Micro Password Manager fails to safely validate file paths before performing privileged operations. The vulnerability allows attackers to create or manipulate symbolic links in predictable locations that the Password Manager process (likely running with elevated privileges or in a protected context) will follow without proper validation. When the application dereferences these malicious symlinks during file deletion or maintenance operations, it operates on attacker-controlled targets rather than intended files. This is a common vulnerability class in privileged service/daemon applications that perform file operations without using secure alternatives (e.g., O_NOFOLLOW flags, realpath validation, or secure temp file handling). The affected CPE scope is specifically Trend Micro Password Manager Consumer edition, version 5.8.0.1327 and all earlier versions.

Affected Products

Password Manager (Consumer) (5.8.0.1327 and all earlier versions)

Remediation

Upgrade Trend Micro Password Manager (Consumer) to version 5.8.0.1328 or later. Check Trend Micro Security Support Portal for the latest available version and patch release notes.; priority: High Workaround (Temporary): Restrict local user access and limit unprivileged user accounts that can interact with Password Manager processes. Run Password Manager with minimal required privileges if possible. Monitor for suspicious file deletion operations in system logs.; priority: Medium Mitigation: Implement file integrity monitoring on critical system directories. Use host-based intrusion detection to alert on suspicious symbolic link creation in predictable temp or application directories. Enforce strict file permission policies.; priority: Medium Detection: Monitor for creation of symbolic links in %TEMP%, %APPDATA%, and Password Manager installation directories by non-administrative users. Review event logs for unexpected file deletion operations initiated by Password Manager process.; priority: Medium

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0

Share

CVE-2025-52837 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy