Trend Micro

Trend Micro, a major cybersecurity software vendor, has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and user-level privileges but requires no user interaction to exploit, giving an attacker complete control over confidentiality, integrity, and availability of the system. The vulnerability was discovered by a security researcher and disclosed on September 11, 2025, with a vendor patch deadline of January 9, 2026. Security teams should prioritize monitoring for exploitation attempts on Trend Micro products and prepare patch deployment strategies before the January deadline.