CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-49384: Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker...

7.8 CVSS

Description

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Classification

CVE ID: CVE-2025-49384

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-64: Windows Shortcut Following

Affected Products

Vendor: Trend Micro, Inc.

Product: Trend Micro Internet Security (Consumer)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.24% (scored less or equal to compared to others)

EPSS Date: 2025-06-30 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-49384
https://helpcenter.trendmicro.com/en-us/article/TMKA-11112

Timeline

2025-06-17 21:40:12 UTC
CVE

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker...
2025-06-23 02:30:34 UTC
Japan Vulnerability Notes (JVN)

Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49...