CVE-2025-47867
HIGHTrend Micro Apex Central < 8.0.6955 - Local File Inclusion and Remote Code Execution via Widget
Title source: llmDescription
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
References (2)
Core 2
Core References
Vendor Advisory
https://success.trendmicro.com/en-US/solution/KA-0019355
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-297/
Scores
CVSS v3
7.5
EPSS
0.0181
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-74
Status
published
Products (1)
trendmicro/apex_central
2019 (12 CPE variants)
Published
Jun 17, 2025
Tracked Since
Feb 18, 2026