Unrated severityNVD Advisory· Published Jun 17, 2025· Updated Jun 17, 2025

CVE-2025-49156

Description

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected products

Trend Micro, Inc./Trend Micro Apex Onev5
cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*
Range: 2019 (14.0)
Trend Micro, Inc./Trend Micro Apex One as a Servicev5
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*
Range: SaaS
Trend Micro/Apex Onellm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

success.trendmicro.com/en-US/solution/KA-0019917mitre
www.zerodayinitiative.com/advisories/ZDI-25-363/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000