Improper Enforcement of Behavioral Workflow in Antivirus for Mac - CVE-2025-59931
Published: September 25, 2025
Vulnerability identifier: #VU116090
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-59931
CWE-ID: CWE-841
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Trend Micro
Affected software:
Antivirus for Mac
Antivirus for Mac
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect deletion process when uninstalling the application by deleting it from the Applications. Information about the application is left behind in a specific LaunchDaemon directory. A local user can place a malicious executable at the expected path and execute it as root after system restart, leading to privilege escalation.
How to mitigate CVE-2025-59931
Install updates from vendor's website.