CVE-2025-47866
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-475 | The behavior of this function is undefined unless its control parameter is set to a specific value. |
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unrestricted file upload flaw in a Trend Micro Apex Central widget (modTMCM webapp) below version 8.0.6955. It allows authenticated attackers to upload arbitrary files due to insufficient validation of user-supplied data. Exploiting this flaw can potentially enable attackers to execute code with the privileges of the IUSR account when combined with other vulnerabilities. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with authentication to upload arbitrary files, which may lead to remote code execution with the privileges of the IUSR account. This could compromise the integrity of the affected system, potentially allowing unauthorized actions or further attacks. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2025-47866 vulnerability, you should immediately apply the update released by Trend Micro that addresses this issue in Apex Central versions below 8.0.6955. Additionally, review and strengthen remote access policies and perimeter security to reduce the risk of exploitation, as the vulnerability requires attacker access with low privileges. Prompt patching and limiting attacker access are key mitigation steps. [1, 2]