CVE-2025-47867
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47867 is a Local File Inclusion vulnerability in the getBlock function of a Trend Micro Apex Central widget. It occurs because the application improperly validates user-supplied data before passing it to a PHP include function. This flaw allows an attacker with low privileges and authentication to include arbitrary files that can be executed as PHP code, leading to remote code execution on affected systems. [1]
How can this vulnerability impact me? :
This vulnerability can lead to remote code execution, allowing attackers to execute arbitrary code on the affected system. It has a high impact on confidentiality, integrity, and availability, meaning attackers could access sensitive data, modify or delete data, and disrupt system operations. Exploitation requires low privileges and no user interaction, increasing the risk of compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if the Trend Micro Apex Central installation is running a vulnerable version below 8.0.6955. Since exploitation requires authentication and involves the getBlock function in the Apex Central widget, monitoring web server logs for suspicious requests to this function or unusual PHP include activity may help. However, no specific detection commands or signatures are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the update released by Trend Micro that addresses this vulnerability. Ensuring the Apex Central installation is upgraded to version 8.0.6955 or later will remediate the issue. Additionally, restricting access to the Apex Central interface and monitoring for suspicious activity can help reduce risk until the patch is applied. [1]