[Japanese]

JVNDB-2025-007978

Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)

Overview

Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Password Manager for Windows version 5.0.0.1266 and earlier - CVE-2025-48443
  • Password Manager for Windows version 5.8.0.1327 and earlier - CVE-2025-52837

Impact

* Arbitrary files may be deleted during the product installation due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-48443)
* Arbitrary files and folders may be deleted and privileges may be escalated due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52837)
Solution

For CVE-2025-48443:
[Use the latest installer]
Use the latest installer provided by the developer.

For CVE-2025-52837:
[Update the software]
Update the software to the latest version.
According to the developer, the updates are automatically applied via ActiveUpdate.

Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Windows Shortcut Following (.LNK)(CWE-64) [Other]
CVE (What is CVE?)

  1. CVE-2025-48443
  2. CVE-2025-52837
References

  1. JVN : JVNVU#91134474
Revision History

  • [2025/07/04]
      Web page was published