Search criteria
105 vulnerabilities found for apex_central by trendmicro
CVE-2025-69260 (GCVE-0-2025-69260)
Vulnerability from nvd – Published: 2026-01-08 12:50 – Updated: 2026-01-08 14:58
VLAI?
Summary
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (14.0) , < Build 7190
(semver)
cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:58:39.498913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T14:58:45.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "Build 7190",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T12:50:55.959Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-69260",
"datePublished": "2026-01-08T12:50:55.959Z",
"dateReserved": "2025-12-30T16:24:23.580Z",
"dateUpdated": "2026-01-08T14:58:45.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69259 (GCVE-0-2025-69259)
Vulnerability from nvd – Published: 2026-01-08 12:50 – Updated: 2026-01-08 14:58
VLAI?
Summary
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (14.0) , < Build 7190
(semver)
cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:58:28.787063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T14:58:32.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "Build 7190",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability.."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T12:50:43.746Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-69259",
"datePublished": "2026-01-08T12:50:43.746Z",
"dateReserved": "2025-12-30T16:24:23.580Z",
"dateUpdated": "2026-01-08T14:58:32.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69258 (GCVE-0-2025-69258)
Vulnerability from nvd – Published: 2026-01-08 12:50 – Updated: 2026-01-09 04:55
VLAI?
Summary
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (14.0) , < Build 7190
(semver)
cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T04:55:19.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "Build 7190",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T12:50:25.113Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-69258",
"datePublished": "2026-01-08T12:50:25.113Z",
"dateReserved": "2025-12-30T16:24:23.580Z",
"dateUpdated": "2026-01-09T04:55:19.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30680 (GCVE-0-2025-30680)
Vulnerability from nvd – Published: 2025-06-17 19:56 – Updated: 2025-06-20 13:12 Exclusively Hosted Service
VLAI?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.
Severity ?
7.5 (High)
CWE
- CWE-918 - SSRF
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
SaaS , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:SaaS:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:50.267446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:46.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:SaaS:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. \r\n\r\nPlease note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro\u0027s monthly maintenance releases to the SaaS instance do not have to take any further action."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: SSRF",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:56:23.405Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-238/"
}
],
"tags": [
"exclusively-hosted-service"
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-30680",
"datePublished": "2025-06-17T19:56:23.405Z",
"dateReserved": "2025-03-25T17:52:24.546Z",
"dateUpdated": "2025-06-20T13:12:46.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30679 (GCVE-0-2025-30679)
Vulnerability from nvd – Published: 2025-06-17 19:56 – Updated: 2025-06-20 13:12
VLAI?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - SSRF
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:52.442400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:51.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: SSRF",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:56:11.050Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-237/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-30679",
"datePublished": "2025-06-17T19:56:11.050Z",
"dateReserved": "2025-03-25T17:52:24.546Z",
"dateUpdated": "2025-06-20T13:12:51.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30678 (GCVE-0-2025-30678)
Vulnerability from nvd – Published: 2025-06-17 19:56 – Updated: 2025-06-20 13:12
VLAI?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - SSRF
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:54.649915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:57.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: SSRF",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:56:01.476Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-236/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-30678",
"datePublished": "2025-06-17T19:56:01.476Z",
"dateReserved": "2025-03-25T17:52:24.546Z",
"dateUpdated": "2025-06-20T13:12:57.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49220 (GCVE-0-2025-49220)
Vulnerability from nvd – Published: 2025-06-17 17:43 – Updated: 2025-06-18 03:56
VLAI?
Summary
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
Severity ?
9.8 (Critical)
CWE
- CWE-477 - Use of Obsolete Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.7007
(semver)
cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:05.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.7007",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "CWE-477: Use of Obsolete Function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:43:23.501Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49220",
"datePublished": "2025-06-17T17:43:23.501Z",
"dateReserved": "2025-06-03T18:11:27.260Z",
"dateUpdated": "2025-06-18T03:56:05.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49219 (GCVE-0-2025-49219)
Vulnerability from nvd – Published: 2025-06-17 17:43 – Updated: 2025-06-18 03:56
VLAI?
Summary
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
Severity ?
9.8 (Critical)
CWE
- CWE-477 - Use of Obsolete Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.7007
(semver)
cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:06.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.7007",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "CWE-477: Use of Obsolete Function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:43:12.062Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-366/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49219",
"datePublished": "2025-06-17T17:43:12.062Z",
"dateReserved": "2025-06-03T18:11:27.260Z",
"dateUpdated": "2025-06-18T03:56:06.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47867 (GCVE-0-2025-47867)
Vulnerability from nvd – Published: 2025-06-17 17:42 – Updated: 2025-06-18 03:56
VLAI?
Summary
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
Severity ?
7.5 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:08.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:42:55.846Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-297/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-47867",
"datePublished": "2025-06-17T17:42:55.846Z",
"dateReserved": "2025-05-12T16:13:08.568Z",
"dateUpdated": "2025-06-18T03:56:08.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-69260
Vulnerability from fkie_nvd - Published: 2026-01-08 13:15 - Updated: 2026-01-15 19:11
Severity ?
Summary
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0022071 | Vendor Advisory | |
| security@trendmicro.com | https://success.trendmicro.com/ja-JP/solution/KA-0022081 | Vendor Advisory | |
| security@trendmicro.com | https://www.tenable.com/security/research/tra-2026-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6955:*:*:-:*:*:*",
"matchCriteriaId": "8F586BF3-DD53-4243-8A9F-18D0599E9397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7007:*:*:-:*:*:*",
"matchCriteriaId": "90DA4B19-8DE2-48B6-B5A7-528AD8978C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7065:*:*:-:*:*:*",
"matchCriteriaId": "F48D37D0-0FA2-4C9D-A121-C64B0F8F8D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7141:*:*:-:*:*:*",
"matchCriteriaId": "A4AC419E-AB59-46E0-BEDF-CAD6AF84E8BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability."
}
],
"id": "CVE-2025-69260",
"lastModified": "2026-01-15T19:11:14.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2026-01-08T13:15:43.153",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-69259
Vulnerability from fkie_nvd - Published: 2026-01-08 13:15 - Updated: 2026-01-15 19:14
Severity ?
Summary
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0022071 | Vendor Advisory | |
| security@trendmicro.com | https://success.trendmicro.com/ja-JP/solution/KA-0022081 | Vendor Advisory | |
| security@trendmicro.com | https://www.tenable.com/security/research/tra-2026-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6955:*:*:-:*:*:*",
"matchCriteriaId": "8F586BF3-DD53-4243-8A9F-18D0599E9397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7007:*:*:-:*:*:*",
"matchCriteriaId": "90DA4B19-8DE2-48B6-B5A7-528AD8978C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7065:*:*:-:*:*:*",
"matchCriteriaId": "F48D37D0-0FA2-4C9D-A121-C64B0F8F8D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7141:*:*:-:*:*:*",
"matchCriteriaId": "A4AC419E-AB59-46E0-BEDF-CAD6AF84E8BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability.."
}
],
"id": "CVE-2025-69259",
"lastModified": "2026-01-15T19:14:24.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2026-01-08T13:15:43.020",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-69258
Vulnerability from fkie_nvd - Published: 2026-01-08 13:15 - Updated: 2026-01-15 19:18
Severity ?
Summary
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0022071 | Vendor Advisory | |
| security@trendmicro.com | https://success.trendmicro.com/ja-JP/solution/KA-0022081 | Vendor Advisory | |
| security@trendmicro.com | https://www.tenable.com/security/research/tra-2026-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6955:*:*:-:*:*:*",
"matchCriteriaId": "8F586BF3-DD53-4243-8A9F-18D0599E9397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7007:*:*:-:*:*:*",
"matchCriteriaId": "90DA4B19-8DE2-48B6-B5A7-528AD8978C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7065:*:*:-:*:*:*",
"matchCriteriaId": "F48D37D0-0FA2-4C9D-A121-C64B0F8F8D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_7141:*:*:-:*:*:*",
"matchCriteriaId": "A4AC419E-AB59-46E0-BEDF-CAD6AF84E8BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations."
}
],
"id": "CVE-2025-69258",
"lastModified": "2026-01-15T19:18:37.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2026-01-08T13:15:42.870",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-290"
},
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30680
Vulnerability from fkie_nvd - Published: 2025-06-17 20:15 - Updated: 2025-09-08 21:04
Severity ?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019355 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-238/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:*:*:*:*:saas:*:*:*",
"matchCriteriaId": "2E3910C7-B628-45C7-A317-A69D1A972B90",
"versionEndExcluding": "2025-03-01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "security@trendmicro.com",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. \r\n\r\nPlease note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro\u0027s monthly maintenance releases to the SaaS instance do not have to take any further action."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Server-side Request Forgery (SSRF) en Trend Micro Apex Central (SaaS) podr\u00eda permitir a un atacante manipular ciertos par\u00e1metros, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n en las instalaciones afectadas. Nota: Esta vulnerabilidad solo afecta a la instancia SaaS de Apex Central; los clientes que aplican autom\u00e1ticamente las actualizaciones de mantenimiento mensuales de Trend Micro a la instancia SaaS no tienen que realizar ninguna acci\u00f3n adicional."
}
],
"id": "CVE-2025-30680",
"lastModified": "2025-09-08T21:04:31.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2025-06-17T20:15:31.823",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-238/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30679
Vulnerability from fkie_nvd - Published: 2025-06-17 20:15 - Updated: 2025-09-08 21:04
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019355 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-237/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Server-side Request Forgery (SSRF) en el componente modOSCE de Trend Micro Apex Central (local) podr\u00eda permitir que un atacante manipule ciertos par\u00e1metros, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n en las instalaciones afectadas."
}
],
"id": "CVE-2025-30679",
"lastModified": "2025-09-08T21:04:42.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-17T20:15:31.677",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-237/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-30678
Vulnerability from fkie_nvd - Published: 2025-06-17 20:15 - Updated: 2025-09-08 21:04
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019355 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-236/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Server-side Request Forgery (SSRF) en el componente modTMSM de Trend Micro Apex Central (local) podr\u00eda permitir que un atacante manipule ciertos par\u00e1metros, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n en las instalaciones afectadas."
}
],
"id": "CVE-2025-30678",
"lastModified": "2025-09-08T21:04:45.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-17T20:15:31.563",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-236/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49220
Vulnerability from fkie_nvd - Published: 2025-06-17 18:15 - Updated: 2025-09-08 21:06
Severity ?
Summary
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019926 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-367/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6955:*:*:-:*:*:*",
"matchCriteriaId": "8F586BF3-DD53-4243-8A9F-18D0599E9397",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method."
},
{
"lang": "es",
"value": "Una operaci\u00f3n de deserializaci\u00f3n insegura en Trend Micro Apex Central (versi\u00f3n anterior a la 8.0.7007) podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo antes de la autenticaci\u00f3n en las instalaciones afectadas. Tenga en cuenta que esta vulnerabilidad es similar a CVE-2025-49219, pero se presenta con un m\u00e9todo diferente."
}
],
"id": "CVE-2025-49220",
"lastModified": "2025-09-08T21:06:21.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2025-06-17T18:15:27.033",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-367/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-477"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-47865
Vulnerability from fkie_nvd - Published: 2025-06-17 18:15 - Updated: 2025-09-08 21:04
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019355 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-295/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en un widget de Trend Micro Apex Central anterior a la versi\u00f3n 8.0.6955 podr\u00eda permitir que un atacante obtenga ejecuci\u00f3n remota de c\u00f3digo en las instalaciones afectadas."
}
],
"id": "CVE-2025-47865",
"lastModified": "2025-09-08T21:04:46.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-17T18:15:26.403",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-295/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-475"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-49219
Vulnerability from fkie_nvd - Published: 2025-06-17 18:15 - Updated: 2025-09-08 21:06
Severity ?
Summary
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019926 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-366/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6955:*:*:-:*:*:*",
"matchCriteriaId": "8F586BF3-DD53-4243-8A9F-18D0599E9397",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method."
},
{
"lang": "es",
"value": "Una operaci\u00f3n de deserializaci\u00f3n insegura en Trend Micro Apex Central (versiones anteriores a la 8.0.7007) podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo antes de la autenticaci\u00f3n en las instalaciones afectadas. Tenga en cuenta que esta vulnerabilidad es similar a CVE-2025-49220, pero se presenta con un m\u00e9todo diferente."
}
],
"id": "CVE-2025-49219",
"lastModified": "2025-09-08T21:06:23.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2025-06-17T18:15:26.903",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-366/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-477"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-47867
Vulnerability from fkie_nvd - Published: 2025-06-17 18:15 - Updated: 2025-09-08 21:04
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019355 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-297/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en un widget de Trend Micro Apex Central en versiones anteriores a 8.0.6955 podr\u00eda permitir que un atacante incluya archivos arbitrarios para ejecutarlos como c\u00f3digo PHP y provocar la ejecuci\u00f3n remota de c\u00f3digo en las instalaciones afectadas."
}
],
"id": "CVE-2025-47867",
"lastModified": "2025-09-08T21:04:50.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-17T18:15:26.703",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-297/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-47866
Vulnerability from fkie_nvd - Published: 2025-06-17 18:15 - Updated: 2025-09-08 21:04
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0019355 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-296/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| trendmicro | apex_central | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:-:*:*:*",
"matchCriteriaId": "664A5F5B-7494-4ADF-9028-CA5DC84AF91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_3752:*:*:-:*:*:*",
"matchCriteriaId": "316E50F7-A9DA-4B67-9ECC-C8D50116BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_5158:*:*:-:*:*:*",
"matchCriteriaId": "8FBF6D0D-D68E-4DB2-B4DE-D4157FEE54F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6016:*:*:-:*:*:*",
"matchCriteriaId": "4B11EE47-757F-4A7D-806A-01C956535F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6288:*:*:-:*:*:*",
"matchCriteriaId": "FB8D4938-783C-4954-95C0-BD26162330A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6394:*:*:-:*:*:*",
"matchCriteriaId": "8FFFED78-5927-4529-B74C-BF988108EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6481:*:*:-:*:*:*",
"matchCriteriaId": "D919B553-6CBD-4211-A507-CD930D485852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6511:*:*:-:*:*:*",
"matchCriteriaId": "F30EC7A8-6E0D-40CE-9691-90F438F1F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6571:*:*:-:*:*:*",
"matchCriteriaId": "F905E86D-E3D9-4E54-B2A6-01753043A9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6658:*:*:-:*:*:*",
"matchCriteriaId": "231493F7-3804-4123-BE1E-ABC3AC46DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6660:*:*:-:*:*:*",
"matchCriteriaId": "983C3666-DF36-4C30-BD70-669734D28475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:build_6890:*:*:-:*:*:*",
"matchCriteriaId": "2EFB9449-DB07-4F75-AB53-23F2B721C0CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos sin restricciones en un widget de Trend Micro Apex Central anterior a la versi\u00f3n 8.0.6955 podr\u00eda permitir que un atacante cargue archivos arbitrarios en las instalaciones afectadas."
}
],
"id": "CVE-2025-47866",
"lastModified": "2025-09-08T21:04:48.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-17T18:15:26.570",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-296/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-475"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-69260 (GCVE-0-2025-69260)
Vulnerability from cvelistv5 – Published: 2026-01-08 12:50 – Updated: 2026-01-08 14:58
VLAI?
Summary
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (14.0) , < Build 7190
(semver)
cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:58:39.498913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T14:58:45.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "Build 7190",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T12:50:55.959Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-69260",
"datePublished": "2026-01-08T12:50:55.959Z",
"dateReserved": "2025-12-30T16:24:23.580Z",
"dateUpdated": "2026-01-08T14:58:45.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69259 (GCVE-0-2025-69259)
Vulnerability from cvelistv5 – Published: 2026-01-08 12:50 – Updated: 2026-01-08 14:58
VLAI?
Summary
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (14.0) , < Build 7190
(semver)
cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T14:58:28.787063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T14:58:32.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "Build 7190",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability.."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T12:50:43.746Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-69259",
"datePublished": "2026-01-08T12:50:43.746Z",
"dateReserved": "2025-12-30T16:24:23.580Z",
"dateUpdated": "2026-01-08T14:58:32.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69258 (GCVE-0-2025-69258)
Vulnerability from cvelistv5 – Published: 2026-01-08 12:50 – Updated: 2026-01-09 04:55
VLAI?
Summary
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (14.0) , < Build 7190
(semver)
cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T04:55:19.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "Build 7190",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T12:50:25.113Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"
},
{
"url": "https://www.tenable.com/security/research/tra-2026-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-69258",
"datePublished": "2026-01-08T12:50:25.113Z",
"dateReserved": "2025-12-30T16:24:23.580Z",
"dateUpdated": "2026-01-09T04:55:19.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30680 (GCVE-0-2025-30680)
Vulnerability from cvelistv5 – Published: 2025-06-17 19:56 – Updated: 2025-06-20 13:12 Exclusively Hosted Service
VLAI?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.
Severity ?
7.5 (High)
CWE
- CWE-918 - SSRF
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
SaaS , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:SaaS:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:50.267446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:46.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:SaaS:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. \r\n\r\nPlease note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro\u0027s monthly maintenance releases to the SaaS instance do not have to take any further action."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: SSRF",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:56:23.405Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-238/"
}
],
"tags": [
"exclusively-hosted-service"
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-30680",
"datePublished": "2025-06-17T19:56:23.405Z",
"dateReserved": "2025-03-25T17:52:24.546Z",
"dateUpdated": "2025-06-20T13:12:46.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30679 (GCVE-0-2025-30679)
Vulnerability from cvelistv5 – Published: 2025-06-17 19:56 – Updated: 2025-06-20 13:12
VLAI?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - SSRF
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:52.442400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:51.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: SSRF",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:56:11.050Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-237/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-30679",
"datePublished": "2025-06-17T19:56:11.050Z",
"dateReserved": "2025-03-25T17:52:24.546Z",
"dateUpdated": "2025-06-20T13:12:51.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30678 (GCVE-0-2025-30678)
Vulnerability from cvelistv5 – Published: 2025-06-17 19:56 – Updated: 2025-06-20 13:12
VLAI?
Summary
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - SSRF
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:54.649915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:57.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: SSRF",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:56:01.476Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-236/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-30678",
"datePublished": "2025-06-17T19:56:01.476Z",
"dateReserved": "2025-03-25T17:52:24.546Z",
"dateUpdated": "2025-06-20T13:12:57.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49220 (GCVE-0-2025-49220)
Vulnerability from cvelistv5 – Published: 2025-06-17 17:43 – Updated: 2025-06-18 03:56
VLAI?
Summary
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
Severity ?
9.8 (Critical)
CWE
- CWE-477 - Use of Obsolete Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.7007
(semver)
cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:05.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.7007",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "CWE-477: Use of Obsolete Function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:43:23.501Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49220",
"datePublished": "2025-06-17T17:43:23.501Z",
"dateReserved": "2025-06-03T18:11:27.260Z",
"dateUpdated": "2025-06-18T03:56:05.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49219 (GCVE-0-2025-49219)
Vulnerability from cvelistv5 – Published: 2025-06-17 17:43 – Updated: 2025-06-18 03:56
VLAI?
Summary
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
Severity ?
9.8 (Critical)
CWE
- CWE-477 - Use of Obsolete Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.7007
(semver)
cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:06.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:7007:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.7007",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "CWE-477: Use of Obsolete Function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:43:12.062Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-366/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-49219",
"datePublished": "2025-06-17T17:43:12.062Z",
"dateReserved": "2025-06-03T18:11:27.260Z",
"dateUpdated": "2025-06-18T03:56:06.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47867 (GCVE-0-2025-47867)
Vulnerability from cvelistv5 – Published: 2025-06-17 17:42 – Updated: 2025-06-18 03:56
VLAI?
Summary
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
Severity ?
7.5 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:08.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:42:55.846Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-297/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-47867",
"datePublished": "2025-06-17T17:42:55.846Z",
"dateReserved": "2025-05-12T16:13:08.568Z",
"dateUpdated": "2025-06-18T03:56:08.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47866 (GCVE-0-2025-47866)
Vulnerability from cvelistv5 – Published: 2025-06-17 17:42 – Updated: 2025-06-17 18:36
VLAI?
Summary
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
Severity ?
4.3 (Medium)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
8.0 , < 8.0.6955
(semver)
cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T18:29:16.974312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:36:07.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_central:6955:*:*:en:*:windows_10:x86_64:1809"
],
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.6955",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475: Undefined Behavior for Input to API",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:42:42.396Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-296/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-47866",
"datePublished": "2025-06-17T17:42:42.396Z",
"dateReserved": "2025-05-12T16:13:08.568Z",
"dateUpdated": "2025-06-17T18:36:07.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}