Login Sign Up

CVE-2025-49385

7.8 HIGH

📋 TL;DR

Trend Micro Security 17.8 (Consumer) contains a local privilege escalation vulnerability where a local attacker could cause the deletion of privileged Trend Micro files, potentially including its own security components. This affects users running the vulnerable version of Trend Micro's consumer security software. The vulnerability requires local access to the system.

💻 Affected Systems

Products:
  • Trend Micro Security (Consumer)
Versions: 17.8
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Consumer edition only; enterprise/business editions not affected according to available information.

📦 What is this software?

Maximum Security 2022 by Trendmicro

View all CVEs affecting Maximum Security 2022 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could delete critical Trend Micro security files, disabling protection mechanisms and potentially creating opportunities for further system compromise.

🟠

Likely Case

Local attacker deletes Trend Micro files, causing security software malfunction and potentially allowing malware installation or privilege escalation.

🟢

If Mitigated

Limited impact with proper access controls and monitoring in place, though security software functionality may still be disrupted.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access.
🏢 Internal Only: MEDIUM - Requires local access but could be exploited by malicious insiders or attackers who have gained initial foothold on the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of Trend Micro file locations and permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version (check Trend Micro for specific version)

Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/TMKA-18461

Restart Required: Yes

Instructions:

1. Open Trend Micro Security. 2. Click 'Check for Updates'. 3. Follow prompts to install available updates. 4. Restart computer when prompted.

🔧 Temporary Workarounds

Restrict local user permissions

windows

Limit standard user accounts' ability to create symbolic links or manipulate system directories

🧯 If You Can't Patch

  • Monitor Trend Micro service and file integrity using security monitoring tools
  • Implement strict access controls to limit local user privileges on affected systems

🔍 How to Verify

Check if Vulnerable:

Check Trend Micro Security version in the application interface or via Control Panel > Programs and Features

Check Version:

Not applicable via command line for consumer version; check through GUI

Verify Fix Applied:

Verify version is updated beyond 17.8 and check Trend Micro update status shows 'Up to date'

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Trend Micro file deletions
  • Trend Micro service failures
  • Access denied errors for Trend Micro directories

Network Indicators:

  • None - local vulnerability only

SIEM Query:

EventID 4663 (File deletion) targeting Trend Micro directories OR Process creation events attempting to delete Trend Micro files

📊 Metadata

CVE ID: CVE-2025-49385
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-64
EPSS Score: 0.05% exploit probability (14.2th percentile)
Published: June 17, 2025
Last Updated: August 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-49385, you might also want to check these:

CVE-2025-52837 7.8

Trend Micro Password Manager (Consumer) versions 5.8.0.1327 and below contain a privilege escalation...

Same vulnerability type (CWE-64)
CVE-2025-53503 7.8

Trend Micro Cleaner One Pro contains a privilege escalation vulnerability that allows local attacker...

Same vulnerability type (CWE-64)
CVE-2025-7376 5.9

This vulnerability allows a local authenticated attacker to create symbolic links that redirect file...

Same vulnerability type (CWE-64)