Apex One

9 CVEs product


CVE-2025-54987 CRITICAL PATCH This Week

A vulnerability in the Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection, Apex One | NVD | CVSS 3.1: 9.4 | EPSS: 0.8%

CVE-2025-54948 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise.

Command Injection, Apex One | NVD | CVSS 3.1: 9.4 | EPSS: 4.5%

CVE-2025-49158 MEDIUM This Month

An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Privilege Escalation, Apex One | NVD | CVSS 3.1: 6.7 | EPSS: 0.0%

CVE-2025-49157 HIGH This Week

A privilege escalation vulnerability in Trend Micro Apex One's Damage Cleanup Engine, caused by improper link following (CWE-269), allows local attackers with low-privilege code execution to escalate to higher privileges. The vulnerability requires initial code execution on the target system but presents significant risk due to its high CVSS score (7.8) and likely real-world exploitability, given how common local code execution vectors are in enterprise environments.

Privilege Escalation, Trendmicro, Apex One | NVD | CVSS 3.1: 7.8 | EPSS: 0.1%

CVE-2025-49156 HIGH This Week

A privilege escalation vulnerability in Trend Micro Apex One's scan engine, caused by improper link handling, allows local attackers to escalate privileges. The vulnerability affects Trend Micro Apex One installations and requires an attacker to first obtain low-privileged code execution on the target system. While no active exploitation in the wild has been confirmed at this time, the CVSS score of 7.0 indicates a high-severity local privilege escalation risk for organizations running vulnerable versions.

Privilege Escalation, Trendmicro, Apex One | NVD | CVSS 3.1: 7.0 | EPSS: 0.0%

CVE-2025-49155 HIGH This Week

CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.

RCE, Trendmicro, Code Injection, Path Traversal, Apex One | NVD | CVSS 3.1: 8.8 | EPSS: 0.1%

CVE-2025-49154 HIGH This Week

CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Security that allows a local attacker with low-privileged code execution to overwrite critical memory-mapped files, potentially compromising system security and stability. With a CVSS score of 8.7 and low attack complexity, this vulnerability poses a significant risk to enterprise security postures, though exploitation requires prior code execution access. No active KEV confirmation or public POC availability is documented in standard vulnerability databases at this time.

Trendmicro, Privilege Escalation, Information Disclosure, Worry Free Business Security, Worry Free Business Security Services, +1 | NVD | CVSS 3.1: 8.7 | EPSS: 0.0%

CVE-2024-58105 HIGH This Week

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.

RCE, Apex One | NVD | CVSS 3.1: 7.3 | EPSS: 0.0%

CVE-2024-58104 HIGH This Week

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.

RCE, Privilege Escalation, Apex One | NVD | CVSS 3.1: 7.3 | EPSS: 0.0%
