JVNDB-2025-008105

[Japanese]
JVNDB-2025-008105
Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)
Overview
Trend Micro Incorporated has released a security update for Trend Micro Security for Windows (CVE-2025-52521). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc. Trend Micro Security for Windows versions prior to 17.8.1476

Impact
Arbitrary files or folders may be deleted due to a windows shortcut following (.LNK) vulnerability (CWE-64, CVE-2025-52521)
Solution
[Update the software] Update the software to the latest version. According to the developer, the update is automatically applied via ActiveUpdate.
Vendor Information
Trend Micro, Inc. Trend Micro Incorporated : SECURITY BULLETIN: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
CWE (What is CWE?)
Windows Shortcut Following (.LNK)(CWE-64) [Other]
CVE (What is CVE?)
CVE-2025-52521
References
JVN : JVNVU#94870570
Revision History
[2025/07/07] Web page was published

Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)