CVE-2025-71217

An origin validation error vulnerability in the Trend Micro Apex One mac agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord...

Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)

Overview Trend Micro Incorporated has released a security update for Trend Micro Security for Windows CVE-2025-52521. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Arbitrary files or folders may be deleted due to a windows...

Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Arbitrary files may be deleted during the product installation d...

Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)

Overview Trend Micro Incorporated has released security updates for Trend Micro Internet Security and Trend Micro Maximum Security that contains a fix for a link following local privilege escalation vulnerability CVE-2025-49384, CVE-2025-49385. Trend Micro Incorporated reported this vulnerability...

CVE-2022-36336

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an...

Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)

Overview Trend Micro Incorporated has released a security update for Trend Micro Maximum Security, fixing an improper link resolution vulnerabilityCWE-59, CVE-2024-32849. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Trend...

CVE-2022-36336

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an...

Spoofing

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an...

CVE-2022-36336

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an...

CVE-2022-36336

CVE-2022-36336 involves a local privilege-escalation in Trend Micro Apex One and Worry-Free Business Security agents caused by a link-following vulnerability in the scanning function. The available details identify the vulnerable component as the scanning service path in these products (notably t...

Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...