- 123/2025
- High
Trend Micro has released security updates to address several vulnerabilities Affecting Trend Micro Apex One 2019 (On-prem), and Apex One as a Service.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, manipulate data, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path RCE Vulnerability (CVE-2025-49155):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2.Trend Micro Apex One Insecure Access Control Vulnerability (CVE-2025- 49154):
- CVSS: 8.7
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
Vulnerabilities
- CVE-2025-49154
- CVE-2025-49155
- CVE-2025-49156
- CVE-2025-49157
- CVE-2025-49158
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.