Severity by source
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD; the only source for this CVE.
Description (CVE.org)
An insecure deserialization operation in Trend Micro Apex Central in versions below 8.0.7007 could lead to pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
Analysis (AI-generated)
Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit it over the network with low attack complexity to achieve complete system compromise (loss of confidentiality, integrity, and availability). The vulnerability is tracked by CISA as a known exploited vulnerability (KEV), carries a CVSS 9.8 (Critical) score, and poses significant real-world risk because it is reachable from the network and requires no authentication.
Technical Context (AI-generated)
The vulnerability exists in Trend Micro Apex Central's deserialization mechanism (CWE-477: Improperly Implemented Expression Language Injection or CWE-502: Deserialization of Untrusted Data). Deserialization flaws arise when an application reconstructs objects from a serialized byte stream without validating the stream's contents, which can let an attacker instantiate arbitrary classes or trigger unintended code paths during reconstruction. Apex Central, a centralized management platform for Trend Micro endpoint protection, exposes network-accessible deserialization endpoints that accept untrusted input. The vulnerability is distinct from CVE-2025-49220, indicating that more than one vulnerable deserialization method (or gadget chain) exists within the same application. This suggests the codebase contains several vulnerable deserialization patterns, which widens the set of potential exploitation vectors.
Remediation (AI-generated)
Immediate action required:
(1) Upgrade Trend Micro Apex Central to version 8.0.7007 or later to patch the deserialization vulnerability.
(2) If immediate patching is not possible, implement network-level mitigations: isolate Apex Central management interfaces behind firewalls, restrict access to Apex Central ports to trusted administrator networks only, and disable external access to Apex Central web services.
(3) Monitor Apex Central logs for suspicious deserialization errors, unusual object instantiation, or error stack traces indicating gadget chain exploitation.
(4) Review Trend Micro security advisories and official patch release notes for comprehensive remediation guidance and any additional configuration hardening steps.
(5) Conduct incident response procedures if Apex Central instances were internet-exposed or reachable from untrusted networks during the vulnerable period; assume potential compromise and verify endpoint agent integrity across managed assets.
EUVD identifier: EUVD-2025-18515