CVE-2025-49155

HIGH

Trendmicro Apex One < 14.0.14492 - Uncontrolled Search Path

Title source: rule

Description

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

References (2)

[Vendor Advisory] https://success.trendmicro.com/en-US/solution/KA-0019917

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-25-362/

Scores

CVSS v3 8.8

EPSS 0.0044

EPSS Percentile 63.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (2)

trendmicro/apex_one < 14.0.14492

trendmicro/apex_one 14.0.0.12994 - 14.0.0.14002

Published Jun 17, 2025

Tracked Since Feb 18, 2026