CVE-2025-52521
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-08-26

Assigner: Trend Micro, Inc.

Description
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2025-08-26
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52521
EUVD
EUVD-2025-21040
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trendmicro maximum_security_2022 17.8
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-64 The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Trend Micro Security 17.8 (Consumer) involves a local privilege escalation through link following. A local attacker could exploit this to unintentionally delete privileged Trend Micro files, including files belonging to the security software itself.


How can this vulnerability impact me? :

The vulnerability can lead to deletion of important privileged files of Trend Micro Security software, potentially compromising the security software's integrity and functionality. This could result in reduced protection against threats and increased risk of system compromise.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart