Published:2025/07/03 Last Updated:2025/07/03
JVNVU#91134474
Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)
Overview
Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.
Products Affected
CVE-2025-48443
- Trend Micro Password Manager for Windows version 5.0.0.1266 and earlier
- Trend Micro Password Manager for Windows version 5.8.0.1327 and earlier
Description
Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.
Impact
- Arbitrary files may be deleted during the product installation due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-48443)
- Arbitrary files and folders may be deleted and privileges may be escalated due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52837)
Solution
For CVE-2025-48443:
Use the latest installer
Use the latest installer provided by the developer.
For CVE-2025-52837:
Update the software
Update the software to the latest version.
According to the developer, the updates are automatically applied via ActiveUpdate.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.