Insecure link following in Trend Micro Password Manager for Windows

Published: 2022-05-10 | Updated: 2022-05-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-30523
Exploitation vector Local
Public exploit N/A
Vulnerable software
Password Manager for Windows
Client/Desktop applications / Other client software

Vendor Trend Micro

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Link following

EUVDB-ID: #VU62905

Risk: Low


CVE-ID: CVE-2022-30523

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No


The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link on the system and delete arbitrary files with SYSTEM privileges.


Install updates from vendor's website.

Vulnerable software versions

Password Manager for Windows: - 5.0.1058

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?