Release Date: September 24, 2025
CVE Vulnerability Identifier: CVE-2025-59931
Platform(s): macOS
CVSS Vector v.4.0: 7.0 (AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Summary
Trend Micro has released updates to Trend Micro Antivirus for Mac addressing a Privilege Escalation vulnerability. The issue allowed local attackers to gain root access by exploiting a leftover LaunchDaemon after uninstallation.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Antivirus for Mac | 11.8.1283 | MacOS | English |
Solution
Trend Micro resolved the issue in version update 11.8.1400 and has also included the fix in version 11.9.36.
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Antivirus for Mac | 11.8.1400 & 11.9.36 | macOS | English |
Vulnerability Details
After uninstalling Trend Micro Antivirus for Mac (version 11.8.1283) by deleting it from the Applications, information about the application is left behind in a specific LaunchDaemon directory. A local attacker could place a malicious executable at the expected path, which will be executed as root upon system restart, resulting in local privilege escalation.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgment
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Egor Filatov from Positive Technologies
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.