Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
AnalysisAI
CVE-2025-53503 is a privilege escalation vulnerability in Trend Micro Cleaner One Pro that allows a local attacker with low privileges to delete critical Trend Micro system files, potentially including the security software itself. The CVSS 7.8 score reflects high impact across confidentiality, integrity, and availability. No public exploit code or active exploitation in the wild has been confirmed at this time, but the vulnerability requires only low privileges and no user interaction, making it a material risk for environments running this product.
Technical ContextAI
This vulnerability is rooted in CWE-64 (Improper Protection of Mass Assignment), which typically involves insufficient validation of file operations and access controls. Trend Micro Cleaner One Pro, a system optimization and security utility, likely fails to properly validate or restrict file deletion operations when invoked by low-privileged local users. The flaw allows an attacker to leverage the application's elevated execution context (or inadequate privilege boundary enforcement) to delete files outside the intended scope, including privileged Trend Micro system files. This represents a failure in proper privilege compartmentalization and file-based access control enforcement within the application's cleanup/deletion routines.
RemediationAI
- Immediate patch: Apply the latest version of Trend Micro Cleaner One Pro from Trend Micro's official website or through the application's built-in update mechanism. 2. Verify patch availability: Check Trend Micro's security advisory page for CVE-2025-53503 to confirm availability and version numbers. 3. Workaround (if patch unavailable): Restrict local system access and disable Trend Micro Cleaner One Pro file deletion features for non-administrator accounts if the application allows granular permission controls. 4. Detection: Monitor system event logs for unexpected file deletions of Trend Micro-related system files (typically in Program Files\Trend Micro). 5. Rollback: If patching is not immediately possible, consider temporarily uninstalling or disabling the application and relying on alternative system optimization tools.
More in Trend Micro
View allOn the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitr
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Rated high severity (C
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Rated medium severity (CV
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attac
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url para
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated u
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent
Same weakness CWE-64 – Windows Shortcut Following (.LNK)
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21043