CVE-2020-25773

HIGH

Trendmicro Apex One - Double Free

Title source: rule

Description

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

References (2)

[Vendor Advisory] https://success.trendmicro.com/solution/000271974

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-20-1224/

Scores

CVSS v3 7.8

EPSS 0.0053

EPSS Percentile 66.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (2)

trendmicro/apex_one

Timeline

Published Sep 29, 2020

Tracked Since Feb 18, 2026