CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 0CVE-2025-54948 – Trend Micro Apex One OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-54948
05 Aug 2025 — A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Una vulnerabilidad en la consola de administración de Trend Micro Apex One (local) podría permitir que un atacante remoto previamente autenticado cargue código malicioso y ejecute comandos en las instalaciones afectadas. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ... • https://success.trendmicro.com/en-US/solution/KA-0020652 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54987 – Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-54987
05 Aug 2025 — A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. Una vulnerabilidad en la consola de administración de Trend Micro Apex One (local) podría permitir que un atacante remoto preautenticado cargue código malicioso y ejecute comandos en las instalaciones afectadas. Esta... • https://success.trendmicro.com/en-US/solution/KA-0020652 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49154
https://notcve.org/view.php?id=CVE-2025-49154
17 Jun 2025 — An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49155 – Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49155
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One Security Agent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49156 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49156
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the ta... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49157 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49157
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49158 – Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49158
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged ... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58105
https://notcve.org/view.php?id=CVE-2024-58105
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58104
https://notcve.org/view.php?id=CVE-2024-58104
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55917 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55917
31 Dec 2024 — An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target sys... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-346: Origin Validation Error •