Vulnerabilidades en Trend Micro, Inc.
180 resultadosAnálisis Vexday
O portfólio de vulnerabilidades da Trend Micro, Inc. reúne 180 CVEs catalogadas, das quais 3 estão confirmadas em exploração ativa no catálogo KEV da CISA — representando uma taxa 3,7 vezes acima da média geral do catálogo, sinal que merece atenção prioritária de equipes de resposta. A falha mais crítica em exploração ativa no momento é CVE-2025-54948, com pontuação EPSS de 0,2025, indicando probabilidade relevante de exploração continuada. O tipo de falha mais recorrente é CWE-346 (validação de origem em requisições), padrão que sugere fragilidades no controle de confiança entre componentes. Com 13 CVEs de severidade crítica, 16 surgidas nos últimos 90 dias e um EPSS máximo observado de 0,6894, o ritmo de novas exposições e o potencial de exploração justificam monitoramento contínuo e aplicação ágil de correções.
CVE-2025-49385HIGHTrend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attEPSS 0.1%CVE-2023-47193HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2025-49384HIGHTrend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attEPSS 0.1%CVE-2023-47201MEDIUMA plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privilEPSS 0.1%CVE-2025-30642MEDIUMA link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) sitEPSS 0.1%CVE-2024-55955MEDIUMAn incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 couEPSS 0.1%CVE-2023-30902—A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionEPSS 0.1%CVE-2025-49158MEDIUMAn uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges oEPSS 0.1%CVE-2024-45334HIGHTrend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthoriEPSS 0.1%CVE-2023-47195HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47194HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47200HIGHA plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privilEPSS 0.1%CVE-2025-49156HIGHA link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected insEPSS 0.1%CVE-2023-47199HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47196HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47198HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2023-47197HIGHAn origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affecteEPSS 0.1%CVE-2025-49211HIGHA SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affectedEPSS 0.1%CVE-2025-49218HIGHA post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges oEPSS 0.1%CVE-2025-49154HIGHAn insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker tEPSS 0.1%