CVE-2025-49220

CRITICAL

Trendmicro Apex Central - Insecure Deserialization

Title source: rule

Description

An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0699
EPSS Percentile 91.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502 CWE-477
Status published

Affected Products (13)

trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central
trendmicro/apex_central

Timeline

Published Jun 17, 2025
Tracked Since Feb 18, 2026