CVE-2025-52837
10.07.2025, 19:15
Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation.
| Vendor | Product | Version |
|---|---|---|
| trendmicro | password_manager | 𝑥 < 5.8.0.1330 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-64 - Windows Shortcut Following (.LNK)The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.