JVNDB-2025-007390

[Japanese]
JVNDB-2025-007390
Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)
Overview
Trend Micro Incorporated has released security updates for Trend Micro Internet Security and Trend Micro Maximum Security that contains a fix for a link following local privilege escalation vulnerability (CVE-2025-49384, CVE-2025-49385). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc. Trend Micro Maximum Security versions prior to 17.8.1464 Trend Micro Internet Security versions prior to 17.8.1464

Impact
Arbitrary file or folder may be deleted by a local attacker.
Solution
[Update the software] Update the software to the latest version. According to the developer, the updates are automatically applied via ActiveUpdate.
Vendor Information
Trend Micro, Inc. Trend Micro : Trend Micro Internet Security Link Following Local Privilege Escalation Vulnerability Trend Micro : Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2025-49384 CVE-2025-49385
References
JVN : JVNVU#99381846
Revision History
[2025/06/24] Web page was published

Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)