CVE-2025-48443

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/TMKA-12917	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-361/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2025-06-17 21:15

Updated : 2025-08-27 02:33

NVD link : CVE-2025-48443

Mitre link : CVE-2025-48443

CVE.ORG link : CVE-2025-48443

JSON object : View

Products Affected

trendmicro

password_manager

CWE

CWE-64

Windows Shortcut Following (.LNK)

{"id": "CVE-2025-48443", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}]}, "published": "2025-06-17T21:15:38.503", "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-12917", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-361/", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-64"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager."}, {"lang": "es", "value": "Trend Micro Password Manager (Consumer) versi\u00f3n 5.0.0.1266 y anteriores es afectado por una vulnerabilidad de escalada de privilegios locales siguiendo un enlace que podr\u00eda permitir que un atacante local aproveche esta vulnerabilidad para eliminar archivos en el contexto de un administrador cuando el administrador instala Trend Micro Password Manager."}], "lastModified": "2025-08-27T02:33:20.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B2DE58F6-8180-4144-9FE0-D998C64ABDA9", "versionEndExcluding": "5.8.0.1330"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}