An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
The application deserializes data supplied by the attacker using an unsafe deserialization operation (CWE-502) without prior verification of the requester's identity. Submitting a properly crafted payload to the vulnerable endpoint allows control of the deserialization process and execution of malicious code in the application context. The vulnerability affects a different method than CVE-2025-49219, but belongs to the same class of errors.
An attacker without any privileges can remotely execute arbitrary code (RCE) on a server running Trend Micro Apex Central, which can consequently lead to complete system compromise, loss of confidentiality, integrity, and availability of data.
Trend Micro Apex Central must be immediately updated to version 8.0.7007 or later in accordance with the vendor's recommendations published at https://success.trendmicro.com/en-US/solution/KA-0019926
Trend Micro Apex Central versions below 8.0.7007 installed on Microsoft Windows
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows
OSMicrosoftwszystkie wersjeTrendmicro Apex Central
APPTrendmicro2019
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit