CVE-2023-25146

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified)

Description A security issue in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder, and replace it with a junction to an arbitrary location, ultimately leading to an arbitrary file being dropped to an arbitrary location. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. The vulnerability is related to incorrect link resolution before accessing a file, which may allow an attacker to elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.