
CVE-2025-52521: CWE-64: Windows Shortcut Following (.LNK) in Trend Micro, Inc. Trend Micro Security (Consumer)

Severity: High
Published: Thu Jul 10 2025 (07/10/2025, 18:57:25 UTC)
Source: CVE Database V5
Vendor/Project: Trend Micro, Inc.
Product: Trend Micro Security (Consumer)

Description

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

AI-Powered Analysis

Last updated: 07/17/2025, 21:14:46 UTC

Technical Analysis

CVE-2025-52521 is a local privilege escalation vulnerability identified in Trend Micro Security (Consumer) version 17.8. The vulnerability is categorized under CWE-64, which relates to improper handling of Windows shortcut (.LNK) files. Specifically, the issue arises from the product's handling of .LNK files that can be manipulated by a local attacker to trigger unintended deletion of privileged Trend Micro files, including files critical to the security product's own operation. This vulnerability allows a local attacker with limited privileges to escalate their rights by exploiting the way the software follows or processes shortcut links, potentially causing the deletion of files that should be protected.

The CVSS v3.1 base score is 7.8, indicating a high severity level. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N) is needed. The impact is high across confidentiality, integrity, and availability, meaning an attacker could compromise sensitive data, alter or delete important files, and disrupt the availability of the security software.

No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability's exploitation could undermine the security posture of affected systems by disabling or impairing Trend Micro Security, potentially exposing the system to further attacks or malware infections.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on Trend Micro Security (Consumer) version 17.8 for endpoint protection. Successful exploitation could lead to the deletion of critical security files, effectively disabling or degrading the antivirus and endpoint protection capabilities. This would increase the risk of malware infections, data breaches, and unauthorized access, impacting confidentiality, integrity, and availability of organizational data and systems. Local attackers, such as disgruntled employees or users with limited access, could leverage this flaw to escalate privileges and compromise systems. Given the high impact on availability and integrity of security software, organizations could face operational disruptions and compliance issues, particularly under regulations like GDPR that mandate robust security controls. The lack of required user interaction facilitates exploitation in environments where local access is possible, such as shared workstations or multi-user systems. The absence of known exploits in the wild currently limits immediate risk but does not diminish the urgency for mitigation given the high severity and potential impact.

Mitigation Recommendations

European organizations should prioritize the following specific mitigation steps:

1) Immediately audit all endpoints running Trend Micro Security (Consumer) version 17.8 to identify affected systems.
2) Restrict local user permissions to the minimum necessary to reduce the risk of local privilege escalation.
3) Implement application whitelisting and file integrity monitoring to detect unauthorized deletion or modification of security product files.
4) Monitor system logs and security alerts for unusual file deletion activities or errors related to Trend Micro components.
5) Until an official patch is released, consider deploying compensating controls such as enhanced endpoint monitoring and restricting access to .LNK files or directories used by Trend Micro Security.
6) Educate local users about the risks of executing or interacting with untrusted shortcut files.
7) Maintain regular backups of critical security software files and system states to enable rapid recovery if exploitation occurs.
8) Engage with Trend Micro support channels to obtain updates on patch availability and apply patches promptly once released.
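
For steps 3 and 4, a minimal file-integrity check, added here as an illustration and not taken from Trend Micro or from this advisory: it baselines a directory, reports deleted or modified files, and flags shortcut, symlink and reparse-point entries without following them. The directory to watch is passed on the command line because the page does not give the product's install path; all function names are this example's own.

```python
import hashlib, json, os, stat, sys

REPARSE_POINT = 0x400   # Windows FILE_ATTRIBUTE_REPARSE_POINT (junctions, symlinks)
LINK, UNREADABLE = "LINK", "UNREADABLE"

def is_link(path, st):
    """True for symlinks, Windows reparse points and .lnk shortcut files."""
    attrs = getattr(st, "st_file_attributes", 0)   # attribute exists only on Windows
    return (stat.S_ISLNK(st.st_mode) or bool(attrs & REPARSE_POINT)
            or path.lower().endswith(".lnk"))

def snapshot(root):
    """Map relative path -> SHA-256 (or a marker) without following any link."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in list(dirnames) + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                st = os.lstat(full)                 # lstat inspects the entry itself
                if is_link(full, st):
                    state[rel] = LINK
                    if name in dirnames:
                        dirnames.remove(name)       # never descend through a link
                elif stat.S_ISREG(st.st_mode):
                    with open(full, "rb") as fh:
                        state[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                state[rel] = UNREADABLE             # locked or vanished mid-scan
    return state

def compare(baseline, current):
    """Report changes since the baseline; deletions are the symptom to alert on."""
    common = baseline.keys() & current.keys()
    return {
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "new_links": [p for p in sorted(current)
                      if current[p] == LINK and baseline.get(p) != LINK],
    }

if __name__ == "__main__":          # usage: fim.py <directory> <baseline.json>
    root, store = sys.argv[1], sys.argv[2]
    now = snapshot(root)
    if os.path.exists(store):
        with open(store) as fh:
            print(json.dumps(compare(json.load(fh), now), indent=2))
    else:
        with open(store, "w") as fh:
            json.dump(now, fh, indent=2)
```

The first run writes the baseline and later runs print the differences; keep the baseline file somewhere standard users cannot write to.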


Technical Details

Data Version: 5.1
Assigner Short Name: trendmicro
Date Reserved: 2025-06-17T14:02:46.484Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68700df3a83201eaaca957bf

Added to database: 7/10/2025, 7:01:07 PM

Last enriched: 7/17/2025, 9:14:46 PM

Last updated: 8/9/2025, 1:58:21 PM
