2025-0609-TM-A1-001

Vulnerability from csaf_trendmicro - Published: 2025-06-09 10:00 - Updated: 2025-06-09 10:00
Summary
SECURITY BULLETIN: June 2025 for Trend Micro Apex One
Notes
Title: SECURITY BULLETIN: June 2025 for Trend Micro Apex One

An insecure access control vulnerability in Trend Micro Apex One could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-284 - Improper Access Control
Affected products
Product Identifier Version Remediation
Apex One
Trend Micro / Apex One
2019
Vendor Fix fix
Product Identifier Version Remediation
Apex One as a Service
Trend Micro / Apex One as a Service
SaaS
Vendor Fix fix

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

CWE-427 - Uncontrolled Search Path Element
Affected products
Product Identifier Version Remediation
Apex One
Trend Micro / Apex One
2019
Vendor Fix fix
Product Identifier Version Remediation
Apex One as a Service
Trend Micro / Apex One as a Service
SaaS
Vendor Fix fix

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-269 - Improper Privilege Management
Affected products
Product Identifier Version Remediation
Apex One
Trend Micro / Apex One
2019
Vendor Fix fix
Product Identifier Version Remediation
Apex One as a Service
Trend Micro / Apex One as a Service
SaaS
Vendor Fix fix

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-269 - Improper Privilege Management
Affected products
Product Identifier Version Remediation
Apex One
Trend Micro / Apex One
2019
Vendor Fix fix
Product Identifier Version Remediation
Apex One as a Service
Trend Micro / Apex One as a Service
SaaS
Vendor Fix fix

An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-427 - Uncontrolled Search Path Element
Affected products
Product Identifier Version Remediation
Apex One
Trend Micro / Apex One
2019
Vendor Fix fix
Product Identifier Version Remediation
Apex One as a Service
Trend Micro / Apex One as a Service
SaaS
Vendor Fix fix
Acknowledgments
Alexander Pudwill
Xavier DANEST - Decathlon working with Trend Zero Day Initiative
Anonymous working with Trend Zero Day Initiative
Vladislav Berghici of Trend Micro Research working with Trend Zero Day Initiative

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "SECURITY BULLETIN: June 2025 for Trend Micro Apex One",
        "title": "Title"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@trendmicro.com",
      "issuing_authority": "Trend Micro PSIRT",
      "name": "Trend Micro",
      "namespace": "https://www.trendmicro.com/vulnerability"
    },
    "references": [
      {
        "category": "self",
        "summary": "Trend Micro Security Bulletin",
        "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
      }
    ],
    "title": "SECURITY BULLETIN: June 2025 for Trend Micro Apex One",
    "tracking": {
      "current_release_date": "2025-06-09T10:00:00.000Z",
      "generator": {
        "date": "2025-07-23T18:31:24.504Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.31"
        }
      },
      "id": "2025-0609-TM-A1-001",
      "initial_release_date": "2025-06-09T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-06-09T10:00:00.000Z",
          "number": "1",
          "summary": "Initial version."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2019",
                "product": {
                  "name": "Apex One",
                  "product_id": "TM-A1-001"
                }
              }
            ],
            "category": "product_name",
            "name": "Apex One"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SaaS",
                "product": {
                  "name": "Apex One as a Service",
                  "product_id": "TM-A1SAAS-001"
                }
              }
            ],
            "category": "product_name",
            "name": "Apex One as a Service"
          }
        ],
        "category": "vendor",
        "name": "Trend Micro"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Alexander Pudwill"
          ],
          "summary": "Trend Micro would like to thank the following individuals for responsibly reporting these issues: Alexander Pudwill"
        }
      ],
      "cve": "CVE-2025-49154",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "An insecure access control vulnerability in Trend Micro Apex One could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1SAAS-001"
        ],
        "known_affected": [
          "TM-A1-001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-09T19:00:00.000Z",
          "details": "SP1 CP Build 14002",
          "product_ids": [
            "TM-A1-001"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2025-06-01T19:00:00.000Z",
          "details": "Security Agent Version 14.0.14492",
          "product_ids": [
            "TM-A1SAAS-001"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 8.7,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 8.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1SAAS-001"
          ]
        }
      ],
      "title": "Insecure Access Control"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Xavier DANEST - Decathlon working with Trend Zero Day Initiative"
          ],
          "summary": "Trend Micro would like to thank the following individuals for responsibly reporting these issues: Alexander Pudwill"
        }
      ],
      "cve": "CVE-2025-49155",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1SAAS-001"
        ],
        "known_affected": [
          "TM-A1-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-24571",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-09T19:00:00.000Z",
          "details": "SP1 CP Build 14002",
          "product_ids": [
            "TM-A1-001"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2025-06-01T19:00:00.000Z",
          "details": "Security Agent Version 14.0.14492",
          "product_ids": [
            "TM-A1SAAS-001"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1SAAS-001"
          ]
        }
      ],
      "title": "Data Loss Prevention Uncontrolled Search Path RCE Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Anonymous working with Trend Zero Day Initiative"
          ],
          "summary": "Trend Micro would like to thank the following individuals for responsibly reporting these issues: Alexander Pudwill"
        }
      ],
      "cve": "CVE-2025-49156",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1SAAS-001"
        ],
        "known_affected": [
          "TM-A1-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-24973",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-09T19:00:00.000Z",
          "details": "SP1 CP Build 14002",
          "product_ids": [
            "TM-A1-001"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2025-06-01T19:00:00.000Z",
          "details": "Security Agent Version 14.0.14492",
          "product_ids": [
            "TM-A1SAAS-001"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1SAAS-001"
          ]
        }
      ],
      "title": "Scan Engine Link Following Local Privilege Escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Anonymous working with Trend Zero Day Initiative"
          ],
          "summary": "Trend Micro would like to thank the following individuals for responsibly reporting these issues: Alexander Pudwill"
        }
      ],
      "cve": "CVE-2025-49157",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1SAAS-001"
        ],
        "known_affected": [
          "TM-A1-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25273",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-09T19:00:00.000Z",
          "details": "SP1 CP Build 14002",
          "product_ids": [
            "TM-A1-001"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2025-06-01T19:00:00.000Z",
          "details": "Security Agent Version 14.0.14492",
          "product_ids": [
            "TM-A1SAAS-001"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1SAAS-001"
          ]
        }
      ],
      "title": "Damage Cleanup Engine Link Following Local Privilege Escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Vladislav Berghici of Trend Micro Research working with Trend Zero Day Initiative"
          ],
          "summary": "Trend Micro would like to thank the following individuals for responsibly reporting these issues: Alexander Pudwill"
        }
      ],
      "cve": "CVE-2025-49158",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1SAAS-001"
        ],
        "known_affected": [
          "TM-A1-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25771",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-09T19:00:00.000Z",
          "details": "SP1 CP Build 14002",
          "product_ids": [
            "TM-A1-001"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2025-06-01T19:00:00.000Z",
          "details": "Security Agent Version 14.0.14492",
          "product_ids": [
            "TM-A1SAAS-001"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1SAAS-001"
          ]
        }
      ],
      "title": "Security Agent Uncontrolled Search Path Local Privilege Escalation"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…