CVE-2025-52837
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-10-03
Assigner: Trend Micro, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | password_manager | up to 5.8.0.1330 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
| CWE-64 | The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below allows an attacker to exploit symbolic links and other methods to delete any file or folder on the system. By doing so, the attacker can escalate their privileges, potentially gaining higher access rights than intended.
How can this vulnerability impact me?
The vulnerability can allow an attacker to delete critical files or folders and escalate their privileges on the affected system. This could lead to unauthorized access, data loss, system instability, or further compromise of the system's security.