Trendmicro
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. [CVSS 7.5 HIGH]
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. [CVSS 7.5 HIGH]
Trend Micro Apex Central has a DLL loading vulnerability (LoadLibraryEX) that allows unauthenticated remote attackers to load attacker-controlled DLLs and execute code as SYSTEM. PoC available.
CVE-2025-53503 is a privilege escalation vulnerability in Trend Micro Cleaner One Pro that allows a local attacker with low privileges to delete critical Trend Micro system files, potentially including the security software itself. The CVSS 7.8 score reflects high impact across confidentiality, integrity, and availability. No public exploit code or active exploitation in the wild has been confirmed at this time, but the vulnerability requires only low privileges and no user interaction, making it a material risk for environments running this product.
CVE-2025-53378 is a missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) SaaS agent that allows unauthenticated remote attackers to take control of affected agents with user interaction required. The vulnerability has a CVSS score of 7.6 (High) and affects only the cloud-based SaaS version of WFBSS, not on-premises deployments. Trend Micro has addressed this issue through a monthly maintenance update, and affected customers on the regular SaaS deployment schedule are automatically patched; no additional customer action is required for remediation.
Trend Micro Security 17.8 for consumer platforms contains a local privilege escalation vulnerability via improper symlink handling (CWE-64: Improper Link Resolution Before File Access) that allows a local attacker with limited privileges to delete or modify critical Trend Micro system files without user interaction. The vulnerability affects Trend Micro Security 17.8 specifically and carries a CVSS 3.1 score of 7.8 (High) with local attack vector; KEV status, EPSS score, and active exploitation data are not provided in available sources, limiting real-world risk quantification.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits improper link following (symlink/junction attack) to allow a low-privileged local attacker to delete privileged Trend Micro system files without user interaction. This vulnerability carries a CVSS 7.8 high severity rating due to high impact on confidentiality, integrity, and availability; however, real-world exploitability depends on KEV status, EPSS probability data, and proof-of-concept availability, which are not provided in the available intelligence.
Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows low-privileged authenticated users to escalate privileges through SQL injection attacks. The vulnerability has a CVSS score of 7.7 (high severity) with significant impact on confidentiality, integrity, and availability. While this is a post-auth vulnerability requiring initial low-privileged code execution, successful exploitation enables privilege escalation, making it a critical concern for organizations running affected PolicyServer instances.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit this vulnerability over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments; similar to CVE-2025-49213 but in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.
Critical authentication bypass vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows unauthenticated remote attackers to gain administrative access and modify product configurations without valid credentials. The vulnerability has a CVSS 9.8 score indicating severe impact (confidentiality, integrity, and availability compromised), and represents a complete authentication control failure requiring immediate patching.
Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that enables authenticated attackers to escalate privileges and achieve full system compromise (confidentiality, integrity, and availability impact). The vulnerability requires an attacker to first obtain low-privileged code execution on the target system before exploiting the SQL injection to escalate to administrative privileges. With a CVSS score of 8.8 and network accessibility, this represents a significant risk to organizations running vulnerable PolicyServer instances, particularly in environments where initial compromise vectors (phishing, lateral movement, supply chain) are plausible.
Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.
Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.
SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that enables privilege escalation on affected systems. The vulnerability requires an attacker to first obtain low-privileged code execution on the target system, after which SQL injection can be leveraged to escalate privileges and gain high-impact access (confidentiality compromise, integrity violation, availability disruption). With a CVSS score of 7.7 and local attack vector, this poses a significant risk to organizations running vulnerable PolicyServer instances, particularly in multi-user environments or where low-privileged service accounts are present.
Link following (symlink) vulnerability in Trend Micro Deep Security 20.0 agent's anti-malware component that enables local privilege escalation. An attacker with low-privileged code execution can exploit this to gain elevated system privileges (confidentiality, integrity, and availability impact). While no public exploit or active exploitation in the wild has been confirmed, the CVSS 7.8 score and low attack complexity indicate this poses a significant risk to organizations running vulnerable versions.
Link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents that enables local privilege escalation on affected systems. An attacker with low-privileged code execution capability can exploit this flaw to gain high-level system access. The vulnerability has a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability; KEV and POC status are not confirmed in available data, but the low attack complexity and low privilege requirement indicate moderate real-world risk once initial code execution is obtained.
Server-Side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central SaaS that allows authenticated attackers to manipulate parameters and disclose sensitive information from affected installations. The vulnerability affects only the SaaS deployment model of Apex Central; SaaS customers receiving automatic monthly maintenance updates are not impacted. While no public exploit or KEV status is indicated, the CVSS 7.1 score and information disclosure capability present moderate risk for organizations with manual SaaS deployments or on-premises installations.
Privilege escalation vulnerability in Trend Micro Apex One's Damage Cleanup Engine that exploits improper link following (CWE-269), allowing local attackers with low-privilege code execution to escalate to higher privileges. The vulnerability requires initial code execution on the target system but presents significant risk due to its high CVSS score (7.8) and likely real-world exploitability given the common prevalence of local code execution vectors in enterprise environments.
Privilege escalation vulnerability in Trend Micro Apex One's scan engine that exploits improper link handling to allow local attackers to escalate privileges. The vulnerability affects Trend Micro Apex One installations and requires an attacker to first obtain low-privileged code execution on the target system. While no active exploitation in the wild has been confirmed at this time, the CVSS score of 7.0 indicates a high-severity local privilege escalation risk for organizations running vulnerable versions.
CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.
CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Security that allows a local attacker with low-privileged code execution to overwrite critical memory-mapped files, potentially compromising system security and stability. With a CVSS score of 8.7 and low attack complexity, this vulnerability poses a significant risk to enterprise security postures, though exploitation requires prior code execution access. No active KEV confirmation or public POC availability is documented in standard vulnerability databases at this time.
Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit this vulnerability over the network with low complexity to achieve complete system compromise (confidentiality, integrity, and availability). This vulnerability is actively tracked by CISA as a known exploited vulnerability (KEV) with high CVSS 9.8 severity and carries significant real-world risk due to its network-accessible, authentication-bypass nature.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets (versions below 8.0.6955) that allows authenticated attackers to include and execute arbitrary PHP files, achieving remote code execution on affected systems. The vulnerability requires low-level user authentication and moderate attack complexity but carries high impact across confidentiality, integrity, and availability. Active exploitation status and proof-of-concept availability have not been confirmed from the provided data, but the authentication requirement and network accessibility make this a credible threat to deployed Apex Central instances.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.