CVE-2022-40139
Published: 2022-09-19
CVE-2022-40139: Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex…
Priority: P1 79 high, CVSS 3.1: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
KEV, ITW
CISA Known Exploited Vulnerability (due 2022-10-06)
Exploited in the wild
EPSS: 3.05% (85.9th percentile)
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_apex_one | — | — |
| trendmicro | apex_one | — | — |
Detection & IOCs
- CVE-2022-40139 was exploited in the wild (zero-day) in September 2022; any Apex One server-initiated rollback package download to clients should be treated as suspicious if the package cannot be verified.
- The attack vector requires an authenticated Apex One server administration console session; monitor for anomalous admin console logins or unexpected rollback operations initiated from the server to clients.
- The exploitation mechanism involves the server instructing clients to download an unverified rollback package; alert on Apex One client processes initiating unexpected rollback/update downloads, especially of unverified or unsigned packages.
- Exploitation requires prior compromise of the Apex One server administration console; the vulnerability is not directly remotely exploitable without that initial access.
- Vendor patch guidance and advisory details are available at the Trend Micro support portal; apply updates per vendor instructions as mandated by CISA with a remediation due date of 2022-10-06.
CVSS provenance
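| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 7.2 | HIGH | — |
| cisa | — | 7.2 | HIGH | — |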
CISA
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
cisa·2022-09-15·CVSS 7.2
CVE-2022-40139 [HIGH] CWE-353 Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Vulnerability: Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Affected: Trend Micro Apex One and Apex One as a Service
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139
Remediation Due Date: 2022-10-06
GHSA
GHSA-6h63-j29f-rv95: Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allo
ghsa_unreviewed·2022-09-20
CVE-2022-40139 [HIGH] CWE-20 GHSA-6h63-j29f-rv95: Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allo
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
VulnCheck
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
vulncheck·2022·CVSS 7.2
CVE-2022-40139 [HIGH] CWE-353 Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
Affected: Trend Micro Apex One and Apex One as a Service
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-actively-exploited-apex-one-rce-vulnerability/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://success.trendmicro.com/dcx/s/solution/000291528; https://www.mandiant.com/resources/blog/zero-days-exploited-2022
Remediation Due: 2022-10-06
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Trend Micro warns of Apex One zero-day exploited in the wild
blogs_bleepingcomputer·2026-05-22·CVSS 6.7
CVE-2026-34926 [MEDIUM] Trend Micro warns of Apex One zero-day exploited in the wild
## Trend Micro warns of Apex One zero-day exploited in the wild
## Sergiu Gatlan
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems.
Apex One is Trend Micro's enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats.
Tracked as CVE-2026-34926, this directory traversal vulnerability in the Apex One (on-premises) server allows local attackers with admin privileges to inject malicious code.
"A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious
Bleepingcomputer
Trend Micro warns of critical Apex One code execution flaws
blogs_bleepingcomputer·2026-02-26·CVSS 9.4
CVE-2025-7121 [CRITICAL] Trend Micro warns of critical Apex One code execution flaws
## Trend Micro warns of critical Apex One code execution flaws
## Sergiu Gatlan
Japanese cybersecurity software firm Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems.
Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities.
The first critical Apex One security flaw patched this week (CVE-2025-71210) is due to a path traversal weakness in the Trend Micro Apex One management console, allowing attackers without privileges to execute malicious code on unpatched systems.
The second, tracked as CVE-2025-71211, is another Apex One management console path traversal vulnerability, similar in scope t
Tenable
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild
blogs_tenable·2025-08-06·CVSS 9.4
[CRITICAL] CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild
Bleepingcomputer
Trend Micro warns of Apex One zero-day exploited in attacks
blogs_bleepingcomputer·2025-08-06·CVSS 9.4
CVE-2025-54948 [CRITICAL] Trend Micro warns of Apex One zero-day exploited in attacks
## Trend Micro warns of Apex One zero-day exploited in attacks
## Sergiu Gatlan
Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform.
Apex One is an endpoint security platform designed to automatically detect and respond to threats, including malicious tools, malware, and vulnerabilities.
This critical security flaw (tracked as CVE-2025-54948 and CVE-2025-54987 depending on the CPU architecture) is due to a command injection weakness in the Apex One Management Console (on-premise) that enables pre-authenticated attackers to execute arbitrary code remotely on systems running unpatched software.
Trend Micro has yet to issue security updates to patch this actively
Qualys
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical. | Qualys
blogs_qualys·2022-10-11·CVSS 7.8
[HIGH] October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical. | Qualys
#### Table of Contents
- Microsoft Patch Tuesday Summary
- Microsoft Exchange ProxyNotShell Zero-Days Not Yet Addressed (QID 50122)
- The October 2022 Microsoft Vulnerabilities Are Classified As Follows:
- Two Zero-Day Vulnerabilities Addressed
- Microsoft Critical Vulnerability Highlights
- Microsoft Release Summary
- Microsoft Edge | Last But Not Least
- Adobe Security Bulletins and Advisories
- About Qualys Patch Tuesday
- Qualys Threat Research Blog Posts
- Qualys Threat Protection High-Rated Advisories
- Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response(VMDR)
- Rapid Response With Patch Management (PM)
- EXECUTE Mitigation Using Custom Assessment and Remediation (CAR)
- EVALUATE Vendor-Suggested Mitigation With Policy Compliance (PC)
- This Month
Tenable
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
blogs_tenable·2022-09-14·CVSS 7.2
[HIGH] CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
Published: 2022-09-19
Added to CISA KEV: 2022-09-15
Exploited in the wild