CVE-2025-49384
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-08-26
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | maximum_security_2022 | 17.8 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-64 | The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in Trend Micro Internet Security version 17.8 on Microsoft Windows. It involves a link following flaw that could allow a local attacker to unintentionally delete privileged Trend Micro files, including the software's own files. This means an attacker with low privileges on the system could cause deletion of important security files, potentially compromising the software's operation. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a local attacker to escalate their privileges and delete critical Trend Micro security files. This can lead to a loss of confidentiality, integrity, and availability of the security software, potentially leaving your system unprotected against threats. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Trend Micro Internet Security to version 17.8.1464 or later, which includes the patched libraries addressing the issue. The update is available via ActiveUpdate. Additionally, monitor Trend Micro Support and the Zero Day Initiative advisory ZDI-CAN-25876 for further guidance. [1]