Published:2025/07/04  Last Updated:2025/07/04

JVNVU#94870570
Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)

Overview

Trend Micro Incorporated has released a security update for Trend Micro Security for Windows.

Products Affected

  • Trend Micro Security for Windows versions prior to 17.8.1476

Description

Trend Micro Incorporated has released a security update for Trend Micro Security for Windows (CVE-2025-52521).

Impact

  • Arbitrary files or folders may be deleted due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52521)

Solution

Update the software
Update the software to the latest version.
According to the developer, the update is automatically applied via ActiveUpdate.

Vendor Status

Vendor Link
Trend Micro Incorporated SECURITY BULLETIN: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia