JVNVU#99381846: Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)

Overview

Trend Micro Incorporated has released security updates for Trend Micro Internet Security and Trend Micro Maximum Security.

Products Affected

Trend Micro Internet Security versions prior to 17.8.1464
Trend Micro Maximum Security versions prior to 17.8.1464

Description

Trend Micro Incorporated has released security updates for Trend Micro Internet Security and Trend Micro Maximum Security that contains a fix for a link following local privilege escalation vulnerability (CVE-2025-49384, CVE-2025-49385).

Impact

Arbitrary file or folder may be deleted by a local attacker.

Solution

Update the software
Update the software to the latest version.
According to the developer, the updates are automatically applied via ActiveUpdate.

Vendor Status

Vendor	Link
Trend Micro Incorporated	Trend Micro Internet Security Link Following Local Privilege Escalation Vulnerability
	Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#99381846 Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)