ZDI-CAN-27629 HIGH 7.8 Overdue Jul 22, 2025

Trend Micro

A high-severity local privilege escalation vulnerability (CVSS 7.8) has been reported in a product from Trend Micro, a major cybersecurity software vendor. Exploitation requires local access and low-level user privileges, and the impact on confidentiality, integrity, and availability is rated high. The vulnerability was discovered by Filip Dragovic, and the vendor has until November 19, 2025 to release a patch, approximately four months after the report. Security teams should monitor for exploitation attempts targeting Trend Micro products in environments where local user accounts may be compromised or untrusted.

Advisory Details
Researcher: Filip Dragovic (@filip_dragovic)
Reported: July 22, 2025
Deadline: November 19, 2025 (148d overdue)
CVSS Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
