CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-8599

CVSS 9.8v3.1pub. 2020-03-18upd. 2025-10-31

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Trendmicro Apex One

    APP
    Trendmicro
    2019
  • Trendmicro Officescan

    APP
    Trendmicro
    xg

CISA KEV — detailsi

Vendori
Trend Micro
Producti
Apex One and OfficeScan
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2025-54948CRITICAL9.4⚠ KEVPL ✓ten sam produkt

Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia

CVE-2022-26871CRITICAL9.8⚠ KEVten sam produkt

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attac...

CVE-2025-54987CRITICAL9.4PL ✓ten sam produkt

RCE w Trend Micro Apex One – command injection bez uwierzytelnienia

CVE-2023-32557CRITICAL9.8ten sam produkt

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenti...

CVE-2023-25143CRITICAL9.8ten sam produkt

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an ...