JVNVU#91134474: Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)

Overview

Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.

Products Affected

CVE-2025-48443

Trend Micro Password Manager for Windows version 5.0.0.1266 and earlier

CVE-2025-52837

Trend Micro Password Manager for Windows version 5.8.0.1327 and earlier

Description

Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.

Impact

Arbitrary files may be deleted during the product installation due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-48443)
Arbitrary files and folders may be deleted and privileges may be escalated due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52837)

Solution

For CVE-2025-48443:
Use the latest installer
Use the latest installer provided by the developer.

For CVE-2025-52837:
Update the software
Update the software to the latest version.
According to the developer, the updates are automatically applied via ActiveUpdate.

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability
	SECURITY BULLETIN: Trend Micro Password Manager Link Following Privilege Escalation Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#91134474 Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)