CVE-2023-25148: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A security agent link following vulnerability was discovered in Trend Micro Apex One that could allow local privilege escalation on affected installations. The vulnerability, identified as CVE-2023-25148, was reported on August 5, 2022, and publicly disclosed on February 24, 2023. The vulnerability specifically affects the Trend Micro Apex One Security Agent's Browser Exploit Detection engine (ZDI Advisory, CVE Details).

The vulnerability exists within the Browser Exploit Detection engine of the Apex One Common Client Solution Framework service. The specific flaw allows attackers to abuse the service by creating a mount point to delete a folder. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

When successfully exploited, this vulnerability enables attackers to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining complete control over the affected system (ZDI Advisory).

Trend Micro has released an update to address this vulnerability. Users are advised to apply the security update as detailed in the vendor's security advisory (Trend Advisory).