CVE-2025-47867

| EUVD-2025-18517 HIGH
2025-06-17 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18517
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 18:15 nvd
HIGH 7.5

Tags

PHP RCE Trendmicro Lfi Apex Central

Description

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

Analysis

Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets (versions below 8.0.6955) that allows authenticated attackers to include and execute arbitrary PHP files, achieving remote code execution on affected systems. The vulnerability requires low-level user authentication and moderate attack complexity but carries high impact across confidentiality, integrity, and availability. Active exploitation status and proof-of-concept availability have not been confirmed from the provided data, but the authentication requirement and network accessibility make this a credible threat to deployed Apex Central instances.

Technical Context

This vulnerability stems from CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which manifests as a Local File Inclusion flaw in Trend Micro Apex Central's widget processing logic. The widget component fails to properly validate or sanitize user-supplied file path inputs before including them via PHP's file inclusion mechanisms (likely include(), require(), or similar functions). An attacker with valid credentials can craft malicious requests to the widget to traverse the filesystem and include arbitrary files, which are then processed as PHP code within the application context. The vulnerability affects Apex Central versions prior to 8.0.6955, indicating the fix was incorporated in the patch release. CPE identification would be: cpe:2.3:a:trendmicro:apex_central:*:*:*:*:*:*:*:* (versions <8.0.6955).

Affected Products

Trend Micro Apex Central: versions < 8.0.6955 (all affected). The vulnerability specifically impacts the widget component within these versions. Patched version: 8.0.6955 and later. No specific CPE references to alternative products were provided; however, typical Apex Central deployments span multi-tenant security management platforms serving enterprise customers. Organizations running any Apex Central version prior to 8.0.6955 should be considered vulnerable if the widget feature is enabled and accessible to authenticated users.

Remediation

1) Immediate patch: Update Trend Micro Apex Central to version 8.0.6955 or later. 2) Interim mitigations (if patching is delayed): Restrict network access to Apex Central administrative interfaces using firewall rules; limit widget functionality access to trusted internal networks only; enforce strong authentication and monitor for unusual widget access patterns. 3) Post-remediation: Verify patch installation across all Apex Central instances; audit logs for evidence of exploitation attempts (look for unusual file inclusion requests in widget components); review user access logs for suspicious authenticated activity. 4) Vendor reference: Contact Trend Micro support or review the official Apex Central security advisory for patch download links and detailed deployment guidance specific to your environment.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.7
CVSS: +38
POC: 0

Share

CVE-2025-47867 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy