Published:2025/07/03  Last Updated:2025/07/03

JVNVU#91134474
Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)

Overview

Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.

Products Affected

CVE-2025-48443

  • Trend Micro Password Manager for Windows version 5.0.0.1266 and earlier
CVE-2025-52837
  • Trend Micro Password Manager for Windows version 5.8.0.1327 and earlier

Description

Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.

Impact

  • Arbitrary files may be deleted during the product installation due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-48443)
  • Arbitrary files and folders may be deleted and privileges may be escalated due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52837)

Solution

For CVE-2025-48443:
Use the latest installer
Use the latest installer provided by the developer.

For CVE-2025-52837:
Update the software
Update the software to the latest version.
According to the developer, the updates are automatically applied via ActiveUpdate.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia