← back
CVE-2025-49155

CVE-2025-49155

CVSS 8.8 HIGHEPSS 0.8%CWE-427
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Trend Micro, Inc. · Trend Micro Apex OneTrend Micro, Inc. · Trend Micro Apex One as a Service

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://success.trendmicro.com/en-US/solution/KA-0019917https://www.zerodayinitiative.com/advisories/ZDI-25-362/