Trend Micro Apex One Vulnerability Allow Attackers to Inject Malicious Code
- Source: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
Multiple critical security vulnerabilities in the Trend Micro Apex One enterprise security platform could enable attackers to inject malicious code and escalate privileges on affected systems.
The company released emergency patches on June 9, 2025, to address five distinct vulnerabilities tracked under CVE-2025-49154 through CVE-2025-49158, with severity ratings ranging from medium to high on the CVSS 3.0 scale.
CVE-2025-49154: Insecure Access Control Vulnerability
This high-severity vulnerability (CVSS 8.7) stems from improper access control (CWE-284) in Trend Micro Apex One, allowing local attackers with low-privileged access to overwrite memory-mapped files critical to system operations.
Successful exploitation could destabilize the security agent or enable persistent malware injection by modifying protected memory regions.
CVE-2025-49155: Data Loss Prevention Remote Code Execution
Rated CVSS 8.8, this critical flaw in the Data Loss Prevention module involves an uncontrolled search path (CWE-427), enabling remote attackers to execute arbitrary code via DLL hijacking.
Attackers could deploy malicious payloads by placing forged DLLs in directories prioritized by the application’s search order, compromising entire endpoints through phishing or compromised networks.
CVE-2025-49156: Scan Engine Privilege Escalation
The scan engine’s link-following vulnerability (CVSS 7.0, CWE-269) permits local attackers to escalate privileges by manipulating symbolic links.
CVE-2025-49157: Damage Cleanup Engine Privilege Escalation
With a CVSS score of 7.8, this CWE-269 flaw in the Damage Cleanup Engine allows similar privilege escalation through symbolic link abuse.
Attackers could bypass cleanup protocols to preserve malicious files or alter restoration processes, maintaining persistence on compromised systems.
CVE-2025-49158: Security Agent Search Path Hijacking
This medium-severity vulnerability (CVSS 6.7) exploits an uncontrolled search path (CWE-427) in the Security Agent, where unquoted service paths enable privilege escalation via malicious executable placement.
Attackers could replace legitimate binaries with Trojanized versions during service restarts, gaining SYSTEM-level access despite requiring user interaction.
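The unquoted service path condition described for CVE-2025-49158 can be audited on any Windows host by checking service ImagePath values. The following is an added example, not code from Trend Micro or from the original article; the service names and paths are constructed sample data, and on a real host the values would be read from the services registry key.

```python
import re

# Constructed sample of service name -> ImagePath (hypothetical names and paths,
# shaped like values under HKLM\SYSTEM\CurrentControlSet\Services\<name>).
SAMPLE_SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\Agent Core\agent.exe -service",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\Agent Core\agent.exe" -service',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "EnvPath": r"%ProgramFiles%\Example Vendor\updater.exe /svc",
}
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_path(image_path):
    """Return the executable portion of an unquoted ImagePath, or None."""
    m = _EXE.match(image_path.strip())
    return m.group(1) if m else None


def is_unquoted_with_spaces(image_path):
    """True when the executable path contains a space and is not quoted."""
    value = image_path.strip()
    if value.startswith('"'):
        return False  # quoted: the path boundary is unambiguous
    exe = executable_path(value)
    return exe is not None and " " in exe


def directories_to_review(image_path):
    """Parent directory at each space boundary; these need write-ACL review."""
    exe = executable_path(image_path)
    dirs = []
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = exe[:i].rsplit("\\", 1)[0] + "\\"
            if parent not in dirs:
                dirs.append(parent)
    return dirs


def audit(services):
    """Map each flagged service to the directories whose ACLs need review."""
    return {name: directories_to_review(path)
            for name, path in services.items() if is_unquoted_with_spaces(path)}


if __name__ == "__main__":
    for name, dirs in audit(SAMPLE_SERVICES).items():
        print(f"{name}: quote ImagePath; review write access on {dirs}")
```

Flagged entries are remediated by quoting the ImagePath and by confirming that non-administrative users cannot write to the listed directories.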
Mitigations
Trend Micro has released comprehensive patches addressing all identified vulnerabilities across affected platforms.
For on-premises Apex One 2019 installations, organizations must upgrade to SP1 CP Build 14002, while Apex One as a Service users require Security Agent Version 14.0.14492.
Both updates are immediately available through Trend Micro’s Download Center and should be prioritized for immediate deployment.
The company acknowledges security researchers Alexander Pudwill, Xavier DANEST from Decathlon, anonymous researchers, and Vladislav Berghici from Trend Micro Research for responsible vulnerability disclosure.
Organizations are advised to review remote access policies and ensure perimeter security configurations remain current while implementing these critical updates.
Given the enterprise-critical nature of affected systems and the potential for code injection and privilege escalation, security teams should treat these patches as emergency deployments requiring immediate attention across all Apex One installations.