Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
Analysis
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
Technical ContextAI
Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server.
RemediationAI
Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.
More in Apex Central
View allTrend Micro Apex Central has a DLL loading vulnerability (LoadLibraryEX) that allows unauthenticated remote attackers to
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-
Critical pre-authentication remote code execution vulnerability in Trend Micro Apex Central versions below 8.0.7007, cau
Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Centra
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upl
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated user
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated user
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets (versions below 8.0.6955) that allows authe
Server-Side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central SaaS that allows authenticated attackers to
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allo
Same weakness CWE-475 – Undefined Behavior for Input to API
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18518