ID
VAR-202507-0240
CVE
CVE-2025-52521
TITLE
Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
Trust: 0.7
DESCRIPTION
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Regain Disk Space functionality. By creating a junction, an attacker can abuse the Platinum Host Service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Trust: 0.7
AFFECTED PRODUCTS
| vendor: | trend micro | model: | maximum security | scope: | - | version: | - | Trust: 0.7 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Trend Micro has issued an update to correct this vulnerability. | url: | https://helpcenter.trendmicro.com/en-us/article/tmka-18876 | Trust: 0.7 |
EXTERNAL IDS
| db: | ZDI_CAN | id: | ZDI-CAN-26887 | Trust: 0.7 |
| db: | NVD | id: | CVE-2025-52521 | Trust: 0.7 |
| db: | ZDI | id: | ZDI-25-585 | Trust: 0.7 |
REFERENCES
| url: | https://helpcenter.trendmicro.com/en-us/article/tmka-18876 | Trust: 0.7 |
CREDITS
Simon Zuckerbraun of Trend Zero Day Initiative
Trust: 0.7
SOURCES
| db: | ZDI | id: | ZDI-25-585 |
LAST UPDATE DATE
2025-07-10T23:00:03.616000+00:00
SOURCES UPDATE DATE
| db: | ZDI | id: | ZDI-25-585 | date: | 2025-07-08T00:00:00 |
SOURCES RELEASE DATE
| db: | ZDI | id: | ZDI-25-585 | date: | 2025-07-08T00:00:00 |