Trend Micro: Several products with high-risk loopholes

On Friday night, Trend Micro published several CVE vulnerability entries. They concern high-risk vulnerabilities in several of the IT security company's products.

In Trend Micro's Cleaner One Pro, attackers can escalate privileges and unintentionally delete Trend Micro files with elevated privileges, including Cleaner One Pro files (CVE-2025-53503 / EUVD-2025-21043, CVSS 7.8, risk “high”). According to Trend Micro's security advisory, Trend Micro Cleaner One Pro 6.8.333 corrects the flaw.

Tracked shortcuts

Overall user version of Trend Micro's password manager, attackers can use symbolic links and similar and other unspecified methods to abuse a link tracking vulnerability for privilege escalation. This can be used to delete arbitrary folders and files and extend their rights in the system (CVE-2025-52837 / EUVD-2025-21041, CVSS 7.8, risk “high”). The password manager in version 5.8.0.1330 for Windows or newer versions patches the vulnerability.

The private user version Trend Micro Security 17.8 is affected by a similar vulnerability. The software follows shortcuts, allowing attackers to unintentionally delete Trend Micro files with elevated privileges, including their own (CVE-2025-52521 / EUVD-2025-21040, CVSS 7.8, risk “high”). The Trend Micro Security products for Windows no longer contain the bug as of version 17.8.1476.

In the Trend Micro Worry-Free Business Security Services (WFBSS) agent, attackers can take control from the network without prior authentication. An authentication check is missing (CVE-2025-53378 / EUVD-2025-21042, CVSS 7.6, risk “high”). The agents of the SaaS cloud version are impacted; the on-premises version is not vulnerable. The bug has already been corrected with the monthly maintenance update, so admins do not need to take action.

Trend Micro last sealed security vulnerabilities in Apex Central and Worry-Free Business Security in mid-June. The developers have even classified some of these as critical security risks.

(dmk)