CVE-2025-49155 — Uncontrolled Search Path Element in Micro INC Trend Micro Apex ONE

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 36.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Apex ONE Trend Micro INC Trend Micro Apex ONE AS A Service Trendmicro Apex ONE

Timeline

PublishedJun 17

Description

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDtrendmicro/apex_one14.0.0.12994 — 14.0.0.14002+1

▶CVEListV5trend_micro_inc/trend_micro_apex_one2019 (14.0) — 14.0.0.14002

▶CVEListV5trend_micro_inc/trend_micro_apex_one_as_a_serviceSaaS — 14.0.14492

🔴Vulnerability Details

GHSA

GHSA-fv5f-j75m-8c2j: An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code lea↗2025-06-17

▶

CVEList

CVE-2025-49155: An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code lea↗2025-06-17

▶