Trend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious Code – GBHackers News

Trend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute arbitrary code and escalate privileges on affected systems.
The vulnerabilities, assigned CVE identifiers CVE-2025-49154 through CVE-2025-49158, were disclosed on June 9, 2025, with CVSS scores ranging from 6.7 to 8.8, indicating medium to high severity ratings.
The security flaws affect both Apex One 2019 (On-premises) and Apex One as a Service installations running on Windows platforms.
Given my work in cybersecurity news and vulnerability analysis, this represents a significant security update that organizations using Trend Micro’s enterprise security solutions must address immediately.
The most severe vulnerability, CVE-2025-49154, carries a CVSS score of 8.7 and involves improper access control mechanisms.
This flaw allows local attackers to overwrite key memory-mapped files, potentially compromising system security and stability.
The vulnerability exists due to improper access restrictions, enabling authenticated users to escalate privileges on affected systems.
Four additional vulnerabilities compound the security risk profile.
CVE-2025-49156 and CVE-2025-49157 both involve link following vulnerabilities in the scan engine and damage cleanup engine, respectively, allowing local privilege escalation with CVSS scores of 7.0 and 7.8.
The fifth vulnerability, CVE-2025-49158, affects the security agent’s uninstaller process, potentially allowing privilege escalation during product removal.
The most concerning vulnerability from an attack surface perspective is CVE-2025-49155, which affects the Data Loss Prevention module and carries the highest CVSS score of 8.8.
This uncontrolled search path vulnerability enables remote attackers to execute arbitrary code on affected installations, requiring only user interaction such as visiting a malicious webpage or opening a malicious file.
The flaw results from loading a DLL from an uncontrolled search path, classified under CWE-427: Uncontrolled Search Path Element.
The vulnerability was discovered by Xavier DANEST from Decathlon and reported through Trend Micro’s Zero Day Initiative program.
Unlike the local privilege escalation vulnerabilities that require authenticated access, this remote code execution flaw significantly expands the potential attack surface for threat actors targeting Apex One deployments.
Trend Micro has released patches to address all identified vulnerabilities.
Organizations running Apex One 2019 (On-premises) should upgrade to SP1 CP Build 14002, while Apex One as a Service customers should update to Security Agent Version 14.0.14492.
Both updates are immediately available through Trend Micro’s distribution channels.
The company acknowledges researchers Alexander Pudwill, Xavier DANEST from Decathlon, anonymous researchers working with the Zero Day Initiative, and Vladislav Berghici from Trend Micro Research for responsibly disclosing these vulnerabilities.
All vulnerabilities have been assigned Zero Day Initiative tracking numbers, and published advisories are available on the ZDI website.
Organizations should prioritize these updates given the combination of high CVSS scores and the potential for both local privilege escalation and remote code execution attacks targeting enterprise security infrastructure.
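The following added example, which is not from Trend Micro or the original article, checks a fleet inventory export against the fixed builds named above. The CSV layout, host names and version strings are constructed, and treating the last dotted component of a 14.x agent version as the build number is an assumption of this example.

```python
import csv
import io

# Fixed builds as stated in the article. Mapping them onto the last dotted
# component of the reported agent version is an assumption of this example.
FIXED_BUILD = {
    "on-prem": 14002,  # Apex One 2019 (On-premises) SP1 CP Build 14002
    "saas": 14492,     # Apex One as a Service, Security Agent 14.0.14492
}

def build_number(version):
    """Return the trailing build of a 14.x dotted version, else None."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        return None          # empty or malformed version string
    if parts[0] != "14":
        return None          # outside the release line the article covers
    return int(parts[-1])

def classify(deployment, version):
    """Return 'patched', 'vulnerable', or 'unknown' (needs manual review)."""
    fixed = FIXED_BUILD.get(deployment.strip().lower())
    build = build_number(version)
    if fixed is None or build is None:
        return "unknown"
    return "patched" if build >= fixed else "vulnerable"

def audit(csv_text):
    """Map each host in the inventory CSV to its patch status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["deployment"], r["agent_version"])
            for r in reader}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = """host,deployment,agent_version
ws-001,saas,14.0.14492
ws-002,saas,14.0.14203
srv-010,on-prem,14.0.0.14002
srv-011,on-prem,14.0.0.13140
kiosk-7,on-prem,
lab-3,hybrid,14.0.14492
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Rows reported as `unknown` (missing version, unrecognized deployment type, or a version outside 14.x) should be verified on the endpoint rather than assumed patched.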