CVE-2025-49154
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-17

Last updated on: 2025-10-06

Assigner: Trend Micro, Inc.

Description
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-17
Last Modified
2025-10-06
Generated
2026-05-07
AI Q&A
2025-06-17
EPSS Evaluated
2026-05-05
NVD
CVE-2025-49154
EUVD
EUVD-2025-18531
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
trendmicro worry-free_business_security 10.0
trendmicro worry-free_business_security 10.0
trendmicro worry-free_business_security_services From 6.7.0.0 (inc) to 6.7.3954 (exc)
trendmicro worry-free_business_security_services From 14.0.0 (inc) to 14.3.1299 (exc)
microsoft windows *
trendmicro apex_one to 14.0.14492 (exc)
trendmicro apex_one From 14.0.0.12994 (inc) to 14.0.0.14002 (exc)
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-NVD-CWE-Other
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an insecure access control issue in Trend Micro Apex One and Trend Micro Worry-Free Business Security. It allows a local attacker, who already has the ability to execute low-privileged code on the target system, to overwrite key memory-mapped files. This could lead to severe consequences affecting the security and stability of the affected installations.


How can this vulnerability impact me? :

If exploited, this vulnerability can severely compromise the security and stability of the affected systems by allowing an attacker to overwrite critical memory-mapped files. This could lead to unauthorized changes, potential system crashes, or further exploitation, impacting the integrity and availability of the system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your Trend Micro Apex One and Trend Micro Worry-Free Business Security installations are updated to the latest versions. Since exploitation requires the ability to execute low-privileged code locally, restrict local code execution permissions and review your system's access controls. Additionally, maintain updated software versions and review remote access and perimeter security policies to reduce risk. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart