An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrendmicro Apex Central
APPTrendmicro2019Trendmicro Apex One
APPTrendmicrowszystkie wersje
CISA KEV — detailsi
- Vendori
- Trend Micro
- Producti
- Apex Central
- Added to KEVi
- March 31, 2022
- Remediation deadline (US Federal)i
- April 21, 2022(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 21 kwietnia 2022
Tags
RCE
References
Related vulnerabilities
CVE-2025-54948CRITICAL9.4⚠ KEVPL ✓ten sam produkt
Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia
CVE-2020-8599CRITICAL9.8⚠ KEVten sam produkt
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote a...
CVE-2025-69258CRITICAL9.8PL ✓ten sam produkt
Krytyczna podatność LoadLibraryEX w Trend Micro Apex Central — RCE jako SYSTEM
CVE-2025-54987CRITICAL9.4PL ✓ten sam produkt
RCE w Trend Micro Apex One – command injection bez uwierzytelnienia
CVE-2025-49219CRITICAL9.8PL ✓ten sam produkt
RCE przez insecure deserialization w Trend Micro Apex Central (pre-auth)