Trend Micro Cleaner One Pro Link Following Vulnerability Allows Local DoS
A link-following vulnerability in Trend Micro Cleaner One Pro (CVE-2025-71218) allows local attackers to create a denial-of-service condition via a symbolic link attack.

A link-following vulnerability has been disclosed in Trend Micro Cleaner One Pro, tracked as CVE-2025-71218, that allows local attackers to cause a denial-of-service condition. The flaw, reported through the Zero Day Initiative (ZDI-26-149), resides in the product installer and can be exploited by an attacker with low-privileged code execution on the target system.
The vulnerability is a classic link-following issue. By creating a symbolic link, an attacker can abuse the installer to create an arbitrary file on the system. This can lead to a denial-of-service condition, potentially rendering the system unstable or unusable. The CVSS score for this vulnerability is 5.0, with a vector of AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H: the attack is local, has high complexity, and requires low privileges and user interaction, and its impact falls on availability (high) and integrity (low), with none on confidentiality.
Trend Micro has issued an update to address the vulnerability. Users are advised to apply the patch as soon as possible. The advisory from Trend Micro can be found at their help center: https://helpcenter.trendmicro.com/en-us/article/tmka-13129. The disclosure timeline shows the vulnerability was reported to Trend Micro on December 24, 2025, and the coordinated public release occurred on March 3, 2026.
This vulnerability is part of a broader pattern of link-following flaws in software installers, which can be exploited for privilege escalation or denial-of-service. The CVSS score is moderate, and the requirement for low-privileged code execution means that an attacker must already have a foothold on the system. Nonetheless, organizations using Trend Micro Cleaner One Pro should prioritize patching to mitigate the risk.
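The link-following pattern described above, shown as a weak file-creation call beside a hardened one. This is an added example, not Trend Micro's code or the code of the fix; it assumes a POSIX system, and the directory layout, file names and function names are constructed for illustration.

```python
import errno
import os
import tempfile


def naive_create(path):
    # Weak pattern: a plain open() resolves a symlink already sitting at `path`.
    with open(path, "w") as fh:
        fh.write("installer state\n")


def safe_create(dir_path, name, data):
    # Pin the parent directory, then create the file relative to it.
    # O_EXCL fails if anything, even a dangling symlink, already has the name;
    # O_NOFOLLOW refuses a symlink as the final path component.
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demo():
    # Constructed scratch layout; nothing outside the temp directory is touched.
    root = tempfile.mkdtemp()
    work = os.path.join(root, "work")            # writable by a low-privileged user
    elsewhere = os.path.join(root, "elsewhere")  # stand-in for an unintended location
    os.mkdir(work)
    os.mkdir(elsewhere)
    redirected = os.path.join(elsewhere, "unexpected.dat")
    log_path = os.path.join(work, "install.log")
    os.symlink(redirected, log_path)             # link in place before the write

    naive_create(log_path)
    naive_followed = os.path.exists(redirected)  # file appeared at the link target
    os.remove(redirected)

    try:
        safe_create(work, "install.log", b"installer state\n")
        refused = False
    except OSError as exc:
        refused = exc.errno in (errno.EEXIST, errno.ELOOP)
    return naive_followed, refused and not os.path.exists(redirected)


if __name__ == "__main__":
    print(demo())
```

A refusal from the hardened call is the signal for an installer to abort and report the unexpected object rather than retry on the same path.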
The credit for discovering the vulnerability goes to an anonymous researcher. Trend Micro has not reported any active exploitation in the wild, but given the public disclosure, users should act quickly to secure their systems.