CVE-2025-47867 — Injection in Micro INC Trend Micro Apex Central

CWE-74 — Injection3 documents3 sources

Severity

9.8CRITICALNVD

CNA7.5

EPSS

1.8%

top 17.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Apex Central Trendmicro Apex Central

Timeline

PublishedJun 17

Description

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro_inc/trend_micro_apex_central8.0 — 8.0.6955

▶NVDtrendmicro/apex_central2019

🔴Vulnerability Details

CVEList

CVE-2025-47867: A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8↗2025-06-17

▶

GHSA

GHSA-qcjw-3m37-53c6: A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8↗2025-06-17

▶