CVE-2025-48443

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/TMKA-12917	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-361/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:windows:*:*

History

27 Aug 2025, 02:33

Type	Values Removed	Values Added
CPE		cpe:2.3:a:trendmicro:password_manager::::::windows::*
Summary		(es) Trend Micro Password Manager (Consumer) versión 5.0.0.1266 y anteriores es afectado por una vulnerabilidad de escalada de privilegios locales siguiendo un enlace que podría permitir que un atacante local aproveche esta vulnerabilidad para eliminar archivos en el contexto de un administrador cuando el administrador instala Trend Micro Password Manager.
First Time		Trendmicro Trendmicro password Manager
References	~~() https://helpcenter.trendmicro.com/en-us/article/TMKA-12917 -~~	() https://helpcenter.trendmicro.com/en-us/article/TMKA-12917 - Vendor Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-25-361/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-25-361/ - Third Party Advisory

17 Jun 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 21:15

Updated : 2025-08-27 02:33

NVD link : CVE-2025-48443

Mitre link : CVE-2025-48443

CVE.ORG link : CVE-2025-48443

JSON object : View

Products Affected

trendmicro

password_manager

CWE

CWE-64

Windows Shortcut Following (.LNK)

{"id": "CVE-2025-48443", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}]}, "published": "2025-06-17T21:15:38.503", "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-12917", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-361/", "tags": ["Third Party Advisory"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@trendmicro.com", "description": [{"lang": "en", "value": "CWE-64"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager."}, {"lang": "es", "value": "Trend Micro Password Manager (Consumer) versi\u00f3n 5.0.0.1266 y anteriores es afectado por una vulnerabilidad de escalada de privilegios locales siguiendo un enlace que podr\u00eda permitir que un atacante local aproveche esta vulnerabilidad para eliminar archivos en el contexto de un administrador cuando el administrador instala Trend Micro Password Manager."}], "lastModified": "2025-08-27T02:33:20.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B2DE58F6-8180-4144-9FE0-D998C64ABDA9", "versionEndExcluding": "5.8.0.1330"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}