CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 0CVE-2025-54948 – Trend Micro Apex One OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-54948
05 Aug 2025 — A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Una vulnerabilidad en la consola de administración de Trend Micro Apex One (local) podría permitir que un atacante remoto previamente autenticado cargue código malicioso y ejecute comandos en las instalaciones afectadas. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ... • https://success.trendmicro.com/en-US/solution/KA-0020652 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54987 – Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-54987
05 Aug 2025 — A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. Una vulnerabilidad en la consola de administración de Trend Micro Apex One (local) podría permitir que un atacante remoto preautenticado cargue código malicioso y ejecute comandos en las instalaciones afectadas. Esta... • https://success.trendmicro.com/en-US/solution/KA-0020652 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53503 – Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53503
10 Jul 2025 — Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Junk Files Cleanup functional... • https://helpcenter.trendmicro.com/en-us/article/tmka-12951 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53378 – Trend Micro Worry-Free Business Security Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2025-53378
10 Jul 2025 — A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if ... • https://success.trendmicro.com/en-US/solution/KA-0019936 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52521 – Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-52521
08 Jul 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th... • https://helpcenter.trendmicro.com/en-us/article/tmka-18876 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52837 – Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-52837
08 Jul 2025 — Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-12946 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49214
https://notcve.org/view.php?id=CVE-2025-49214
17 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49154
https://notcve.org/view.php?id=CVE-2025-49154
17 Jun 2025 — An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49384 – Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49384
17 Jun 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t... • https://helpcenter.trendmicro.com/en-us/article/TMKA-11112 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49385 – Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49385
13 Jun 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th... • https://helpcenter.trendmicro.com/en-us/article/TMKA-18461 • CWE-64: Windows Shortcut Following (.LNK) •