JVNDB-2025-007978

[Japanese]
JVNDB-2025-007978
Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)
Overview
Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc. Password Manager for Windows version 5.0.0.1266 and earlier - CVE-2025-48443 Password Manager for Windows version 5.8.0.1327 and earlier - CVE-2025-52837

Impact
* Arbitrary files may be deleted during the product installation due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-48443) * Arbitrary files and folders may be deleted and privileges may be escalated due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52837)
Solution
For CVE-2025-48443: [Use the latest installer] Use the latest installer provided by the developer. For CVE-2025-52837: [Update the software] Update the software to the latest version. According to the developer, the updates are automatically applied via ActiveUpdate.
Vendor Information
Trend Micro, Inc. Trend Micro Incorporated : SECURITY BULLETIN: Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability Trend Micro Incorporated : SECURITY BULLETIN: Trend Micro Password Manager Link Following Privilege Escalation Vulnerability
CWE (What is CWE?)
Windows Shortcut Following (.LNK)(CWE-64) [Other]
CVE (What is CVE?)
CVE-2025-48443 CVE-2025-52837
References
JVN : JVNVU#91134474
Revision History
[2025/07/04] Web page was published


Date Public	2025/07/03
Date First Published	2025/07/04
Date Last Updated	2025/07/04

Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)