CVE-2023-25146: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A security agent link following vulnerability was discovered in the Trend Micro Apex One agent, identified as CVE-2023-25146. The vulnerability was reported on September 30, 2022, and publicly disclosed on February 24, 2023. This security flaw affects installations of Trend Micro Apex One Security Agent and requires an attacker to have initial access to execute low-privileged code on the target system (ZDI Advisory).

The vulnerability exists within the Apex One NT RealTime Scan service. The specific mechanism involves an attacker's ability to quarantine a file, delete the original folder, and replace it with a junction to an arbitrary location. This can ultimately lead to an arbitrary file being dropped to an arbitrary location. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity (ZDI Advisory).

When successfully exploited, this vulnerability allows attackers to escalate privileges and execute arbitrary code in the context of SYSTEM. This means an attacker could gain elevated system privileges, potentially leading to complete system compromise (ZDI Advisory).

Trend Micro has issued an update to address this vulnerability. Users are advised to apply the security update provided by Trend Micro to protect their systems (ZDI Advisory).