7.8
CVE-2025-52837
- EPSS 0.15%
- Veröffentlicht 10.07.2025 18:57:50
- Zuletzt bearbeitet 03.10.2025 00:48:03
- Quelle security@trendmicro.com
- CVE-Watchlists
- Unerledigt
Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Password Manager SwPlatformwindows Version < 5.8.0.1330
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.047 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@trendmicro.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-64 Windows Shortcut Following (.LNK)
The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://helpcenter.trendmicro.com/en-us/article/TMKA-12946
https://www.zerodayinitiative.com/advisories/ZDI-25-586/