CVE-2025-53503

7.8 HIGH

📋 TL;DR

Trend Micro Cleaner One Pro contains a privilege escalation vulnerability that allows local attackers to delete privileged Trend Micro files, including the software's own files. This could disrupt security functionality and potentially allow further system compromise. Only users of Trend Micro Cleaner One Pro are affected.

💻 Affected Systems

Products:
  • Trend Micro Cleaner One Pro
Versions: Prior to 6.6.0.2106
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Trend Micro Cleaner One Pro, not other Trend Micro products. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could delete critical Trend Micro files, disabling security protections and potentially enabling full system compromise through follow-on attacks.

🟠 Likely Case

Local attackers could delete Trend Micro files, causing software malfunction and potentially creating opportunities for privilege escalation or persistence.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to potential service disruption of Trend Micro software.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this to disrupt security software and potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.0.2106

Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/tmka-12951

Restart Required: Yes

Instructions:

1. Open Trend Micro Cleaner One Pro.
2. Navigate to Settings or Help menu.
3. Check for updates and install version 6.6.0.2106 or later.
4. Restart the computer after installation completes.

🔧 Temporary Workarounds

Restrict Local Access

Limit local access to systems running Trend Micro Cleaner One Pro to trusted users only.

Monitor File Deletion Events

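Enable auditing for file deletion events in Trend Micro directories. The command below turns on the File System audit subcategory system-wide; Windows only writes events for files and folders whose SACL contains an audit entry, so the Trend Micro directories also need an auditing entry for delete access.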

auditpol /set /subcategory:"File System" /success:enable /failure:enable

🧯 If You Can't Patch

  • Uninstall Trend Micro Cleaner One Pro if not essential for operations
  • Implement strict access controls to limit local user privileges on affected systems

🔍 How to Verify

Check if Vulnerable:

Check Trend Micro Cleaner One Pro version in the application's About or Settings section. If version is below 6.6.0.2106, the system is vulnerable.

Check Version:

Check application version through GUI: Settings → About or Help → About

Verify Fix Applied:

Confirm Trend Micro Cleaner One Pro version is 6.6.0.2106 or higher in the application's About or Settings section.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file deletion events in Trend Micro program directories
  • Failed attempts to access Trend Micro protected files

Network Indicators:

  • No network indicators - this is a local privilege escalation

SIEM Query:

EventID=4663 AND ObjectName LIKE "%Trend Micro%" AND AccessMask=0x10000
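
The audit workaround and the SIEM query above, combined into one PowerShell sketch: it adds the delete-audit SACL entry to the product directory and then pulls matching 4663 events from the local Security log. This is an added example, not Trend Micro code; the function names are hypothetical, and the install directory is not given on this page, so it is passed in as a parameter.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session,
# after the File System audit subcategory has been enabled with auditpol.

function Enable-DeleteAudit {
    param([Parameter(Mandatory)][string]$TargetDir)
    # Audit DELETE (success and failure) by any principal, inherited by all children.
    $rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl = Get-Acl -Path $TargetDir -Audit      # -Audit loads the SACL as well
    $acl.AddAuditRule($rule)
    Set-Acl -Path $TargetDir -AclObject $acl
}

function Get-DeleteEvents {
    param([Parameter(Mandatory)][string]$TargetDir, [int]$LookbackHours = 24)
    $filter = @{ LogName = 'Security'; Id = 4663
                 StartTime = (Get-Date).AddHours(-$LookbackHours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the EventData name/value pairs of the 4663 record.
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # AccessMask is a hex string; test the DELETE bit (0x10000) rather than
        # comparing for equality, so combined masks are still caught.
        $mask = [Convert]::ToInt32($d['AccessMask'], 16)
        # Assumption: ObjectName is logged as a drive-letter path under $TargetDir.
        $inScope = $d['ObjectName'] -and $d['ObjectName'].StartsWith(
            $TargetDir, [StringComparison]::OrdinalIgnoreCase)
        if ($inScope -and ($mask -band 0x10000)) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
                Process = $d['ProcessName']
                Object  = $d['ObjectName']
            }
        }
    }
}

# Usage ('<install-dir>' is a placeholder for the real path on the host):
#   Enable-DeleteAudit -TargetDir '<install-dir>'
#   Get-DeleteEvents   -TargetDir '<install-dir>' -LookbackHours 48 | Format-Table -AutoSize
```

Deletions by the product's own updater or uninstaller will also appear, so review the Process and User columns before treating a hit as suspicious.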
