ID

VAR-202506-0633


CVE

CVE-2025-49385


TITLE

Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-380

DESCRIPTION

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Platinum Host Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Trust: 1.53

sources: NVD: CVE-2025-49385 // ZDI: ZDI-25-380

AFFECTED PRODUCTS

vendor: trendmicro, model: maximum security 2022, scope: eq, version: 17.8

Trust: 1.0

vendor: trend micro, model: maximum security, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-25-380 // NVD: CVE-2025-49385

CVSS

SEVERITY

CVSSV2

CVSSV3

security@trendmicro.com: CVE-2025-49385
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-49385
value: HIGH

Trust: 1.0

ZDI: CVE-2025-49385
value: HIGH

Trust: 0.7

security@trendmicro.com: CVE-2025-49385
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-49385
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ZDI: CVE-2025-49385
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-380 // NVD: CVE-2025-49385 // NVD: CVE-2025-49385

PROBLEMTYPE DATA

problemtype: CWE-64

Trust: 1.0

sources: NVD: CVE-2025-49385

PATCH

title: Trend Micro has issued an update to correct this vulnerability.
url: https://helpcenter.trendmicro.com/en-us/article/TMKA-18461

Trust: 0.7

sources: ZDI: ZDI-25-380

EXTERNAL IDS

db: NVD, id: CVE-2025-49385

Trust: 1.7

db: ZDI, id: ZDI-25-380

Trust: 1.7

db: ZDI_CAN, id: ZDI-CAN-25877

Trust: 0.7

sources: ZDI: ZDI-25-380 // NVD: CVE-2025-49385

REFERENCES

url: https://helpcenter.trendmicro.com/en-us/article/tmka-18461

Trust: 1.7

url: https://www.zerodayinitiative.com/advisories/zdi-25-380/

Trust: 1.0

sources: ZDI: ZDI-25-380 // NVD: CVE-2025-49385

CREDITS

Vladislav Berghici of Trend Research

Trust: 0.7

sources: ZDI: ZDI-25-380

SOURCES

db: ZDI, id: ZDI-25-380
db: NVD, id: CVE-2025-49385

LAST UPDATE DATE

2025-08-27T22:57:30.261000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-380, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-49385, date: 2025-08-26T19:39:54.587

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-380, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-49385, date: 2025-06-17T21:15:39.960