Apex Central
by Trend Micro
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49220 | 0.01 | — | 0.08 | Jun 17, 2025 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. | |||
| CVE-2025-49219 | 0.01 | — | 0.08 | Jun 17, 2025 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | |||
| CVE-2025-69260 | 0.00 | — | 0.01 | Jan 8, 2026 | A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | |||
| CVE-2025-69259 | 0.00 | — | 0.01 | Jan 8, 2026 | A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.. | |||
| CVE-2025-69258 | 0.00 | — | 0.01 | Jan 8, 2026 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | |||
| CVE-2025-30680 | 0.00 | — | 0.00 | Jun 17, 2025 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | |||
| CVE-2025-30679 | 0.00 | — | 0.00 | Jun 17, 2025 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | |||
| CVE-2025-47867 | 0.00 | — | 0.02 | Jun 17, 2025 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | |||
| CVE-2025-47866 | 0.00 | — | 0.00 | Jun 17, 2025 | An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | |||
| CVE-2025-47865 | 0.00 | — | 0.02 | Jun 17, 2025 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. |
- CVE-2025-49220Jun 17, 2025risk 0.01cvss —epss 0.08
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
- CVE-2025-49219Jun 17, 2025risk 0.01cvss —epss 0.08
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
- CVE-2025-69260Jan 8, 2026risk 0.00cvss —epss 0.01
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.
- CVE-2025-69259Jan 8, 2026risk 0.00cvss —epss 0.01
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability..
- CVE-2025-69258Jan 8, 2026risk 0.00cvss —epss 0.01
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
- CVE-2025-30680Jun 17, 2025risk 0.00cvss —epss 0.00
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.
- CVE-2025-30679Jun 17, 2025risk 0.00cvss —epss 0.00
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
- CVE-2025-47867Jun 17, 2025risk 0.00cvss —epss 0.02
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
- CVE-2025-47866Jun 17, 2025risk 0.00cvss —epss 0.00
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
- CVE-2025-47865Jun 17, 2025risk 0.00cvss —epss 0.02
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations.