CVE-2025-49155

Published: Jun 17, 2025Modified: Sep 9, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: security@trendmicro.com (Secondary)

Description

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

Affected (2)

Products: Trendmicro: Apex One

Trendmicro

1 product

Apex One

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	From 14.0.0.12994 to 14.0.0.14002
Trendmicro Apex One	Before 14.0.14492

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://success.trendmicro.com/en-US/solution/KA-0019917

Source: security@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-362/

Source: security@trendmicro.com

Third Party Advisory

Timeline

No history available yet.