A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:HTrendmicro Apex One
APPTrendmicro2019
CISA KEV — detailsi
- Vendori
- Trend Micro
- Producti
- Apex One
- Added to KEVi
- August 18, 2025
- Remediation deadline (US Federal)i
- September 8, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Related vulnerabilities
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attac...
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote a...
RCE w Trend Micro Apex One – command injection bez uwierzytelnienia
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenti...
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an ...