Windows Shortcut Following (.LNK)

CVE-2025-53503

High

7.8/10

Summary

Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-64 - Windows Shortcut Following (.LNK)

The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

Advisory Timeline

Published Jul 10, 2025

Windows Shortcut Following (.LNK)

CVE-2025-53503

Summary

CWE-64 - Windows Shortcut Following (.LNK)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS