CVE-2025-49219

CWE-477CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
9.8CRITICAL
EPSS
9.2%
top 7.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro, Inc. Trend Micro Apex CentralTrendmicro Apex Central
Timeline
PublishedJun 17

Description

An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5trend_micro,_inc./trend_micro_apex_central8.08.0.7007

🔴Vulnerability Details

2
CVEList
CVE-2025-49219: An insecure deserialization operation in Trend Micro Apex Central below versions 82025-06-17
GHSA
GHSA-xfcv-jhfx-64pp: An insecure deserialization operation in Trend Micro Apex Central below versions 82025-06-17
CVE-2025-49219 (CRITICAL CVSS 9.8) | An insecure deserialization operati | cvebase.io