Trend Micro Inc Trend Micro Apex One vulnerabilities
57 known vulnerabilities affecting trend_micro_inc/trend_micro_apex_one.
Total CVEs
57
CISA KEV
2
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH47MEDIUM7
Vulnerabilities
Page 1 of 3
CVE-2025-54948P1CRITICALCVSS 9.8KEV≥ 2019 (14.0), < 14.0.0.140392025-08-05
CVE-2025-54948 [CRITICAL] CWE-78 CVE-2025-54948: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authentica
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
nvd
CVE-2023-41179P1HIGHCVSS 7.2KEV≥ 2019 (14.0), < 14.0.0.12380≥ SaaS, < 14.0.126372023-09-19
CVE-2023-41179 [HIGH] CWE-94 CVE-2023-41179: A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem an
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console ac
nvd
CVE-2023-32557P2CRITICALCVSS 9.8≥ 2019, < 14.0.0.120242023-06-26
CVE-2023-32557 [CRITICAL] CWE-22 CVE-2023-32557: A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
nvd
CVE-2023-25143P2CRITICALCVSS 9.8≥ 2019 (14.0), < 14.0.0.115642023-03-10
CVE-2023-25143 [CRITICAL] CWE-427 CVE-2023-25143: An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
nvd
CVE-2024-52047P3HIGHCVSS 8.8≥ 2019 (14.0), < 14.0.0.129802024-12-31
CVE-2024-52047 [HIGH] CWE-552 CVE-2024-52047: A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to
A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-49155P3HIGHCVSS 8.8≥ 2019 (14.0), < 14.0.0.140022025-06-17
CVE-2025-49155 [HIGH] CWE-427 CVE-2025-49155: An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module co
An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.
nvd
CVE-2024-39753P3HIGHCVSS 7.5≥ 2019 (14.0), < 14.0.0.129802024-10-22
CVE-2024-39753 [HIGH] CWE-89 CVE-2024-39753: An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to exec
An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-36305P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.129802024-06-10
CVE-2024-36305 [HIGH] CWE-59 CVE-2024-36305: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-37289P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.129802024-06-10
CVE-2024-37289 [HIGH] CWE-284 CVE-2024-37289: An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to esc
An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-58104P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.131222025-03-25
CVE-2024-58104 [HIGH] CWE-269 CVE-2024-58104: A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could all
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-47202P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47202 [HIGH] CWE-552 CVE-2023-47202: A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a loc
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-52050P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.131402024-12-31
CVE-2024-52050 [HIGH] CWE-59 CVE-2024-52050: A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attack
A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-49154P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.140022025-06-17
CVE-2025-49154 [HIGH] CWE-284 CVE-2025-49154: An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.
Please note: an attacker must first obtain the ability to execute low-privil
nvd
CVE-2024-36302P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.129802024-06-10
CVE-2024-36302 [HIGH] CWE-346 CVE-2024-36302: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-25145P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.115642023-03-10
CVE-2023-25145 [HIGH] CWE-59 CVE-2023-25145: A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-55632P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.131402024-12-31
CVE-2024-55632 [HIGH] CWE-269 CVE-2024-55632: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-55631P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.131402024-12-31
CVE-2024-55631 [HIGH] CWE-269 CVE-2024-55631: An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escal
An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-52048P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.131402024-12-31
CVE-2024-52048 [HIGH] CWE-266 CVE-2024-52048: A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to esc
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne
nvd
CVE-2023-52091P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125342024-01-23
CVE-2023-52091 [HIGH] CWE-59 CVE-2023-52091: An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local atta
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-52092P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125342024-01-23
CVE-2023-52092 [HIGH] CWE-59 CVE-2023-52092: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
1 / 3Next →