Skip to main content

Apex One CVE-2025-49158

| EUVDEUVD-2025-18527 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2025-06-17 security@trendmicro.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
14.0.14492,14.0.0.14002
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18527
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 19:15 nvd
MEDIUM 6.7

DescriptionCVE.org

An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Analysis

An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Uncontrolled Search Path Element (CWE-427).

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

CVE-2023-32557 CRITICAL
9.8 Jun 26

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated atta

CVE-2023-25143 CRITICAL
9.8 Mar 10

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker t

CVE-2022-40144 CRITICAL
9.8 Sep 19

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the prod

CVE-2022-26871 CRITICAL
9.8 Mar 29

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upl

CVE-2020-8599 CRITICAL
9.8 Mar 18

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to

CVE-2020-8598 CRITICAL
9.8 Mar 18

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerabl

CVE-2019-18189 CRITICAL
9.8 Oct 28

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5

CVE-2023-0587 CRITICAL
9.1 Feb 01

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Rated critical severity (CVSS 9.1), th

CVE-2022-41746 CRITICAL
9.1 Oct 10

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on a

CVE-2025-49155 HIGH
8.8 Jun 17

CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module

CVE-2024-52047 HIGH
8.8 Dec 31

A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary c

CVE-2021-32465 HIGH
8.8 Aug 04

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1

Share

CVE-2025-49158 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy