CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49154
https://notcve.org/view.php?id=CVE-2025-49154
17 Jun 2025 — An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49155 – Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49155
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One Security Agent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49156 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49156
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the ta... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49157 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49157
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49158 – Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49158
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged ... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58105
https://notcve.org/view.php?id=CVE-2024-58105
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58104
https://notcve.org/view.php?id=CVE-2024-58104
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55917 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55917
31 Dec 2024 — An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target sys... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55632 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55632
31 Dec 2024 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the targe... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55631 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55631
31 Dec 2024 — An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target syste... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •