Primary

Context

Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability

Vulnerability

Patched

A local privilege escalation vulnerability has been identified in Trend Micro Password Manager (Consumer) versions 5.0.0.1266 and prior. This vulnerability allows a local attacker to delete files with administrative privileges when the administrator installs the application. The issue arises from the product installer, which can be manipulated to remove arbitrary files, potentially leading to unauthorized privilege escalation and execution of arbitrary code in the context of the SYSTEM user.

Impact

Exploitation of this vulnerability could allow local attackers to escalate privileges and execute arbitrary code with SYSTEM rights on the affected machine.

Remediation

Users are advised to update to Trend Micro Password Manager version 5.8.0.1330. The update is available through the product's automatic update mechanism. For new installations, the latest version can be downloaded from the Trend Micro Password Manager download page.

Added: Jun 17, 2025, 9:43 PM

Updated: Jun 17, 2025, 9:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Trend Micro Password Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating