June 25, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Lumma Stealer Malware aka LummaC – Active IOCs
June 13, 2025AsyncRAT – Active IOCs
June 13, 2025Lumma Stealer Malware aka LummaC – Active IOCs
June 13, 2025AsyncRAT – Active IOCs
June 13, 2025
Severity
High
Analysis Summary
CVE-2025-48443 CVSS:6.7
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the vulnerability is triggered only when an administrator performs an install of the product. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer to delete an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVE-2025-49487 CVSS:6.8
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The process loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Impact
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-49487
CVE-2025-48443
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Worry-Free Business Security (WFBS) 10.0 SP1
- Trend Micro Worry-Free Business Security Services (WFBSS) - 6.7 (SaaS)
- Trend Micro Password Manager - 5.0.0.1266
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.