Release Date: February 15, 2025
CVE Vulnerability Identifier: CVE-2025-27529
Platform(s): Microsoft Windows
Summary
Trend Micro has released an update for Trend Micro Cleaner One Pro which resolves a denial-of-service (DOS) attack in its process.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Cleaner One Pro | 6.8.299 and below | Microsoft Windows | English |
Solution
Trend Micro has released an update that resolves the issue:
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Cleaner One Pro | 6.8.323 | Microsoft Windows | English |
Vulnerability Details
This update resolves vulnerability in the product wherein a low-privileged user can create a remote procedure call control point and redirect it to another location, allowing a permanent DOS attack.
Trend Micro has received no reports nor is it aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Zero-day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Support for further assistance.
External Reference
- ZDI-CAN-25572