CVE-2025-49155
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-09
Assigner: Trend Micro, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_one | to 14.0.14492 (exc) |
| trendmicro | apex_one | From 14.0.0.12994 (inc) to 14.0.0.14002 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled search path issue in the Trend Micro Apex One Data Loss Prevention module. It allows an attacker to inject malicious code by exploiting how the software loads DLLs, which can lead to arbitrary code execution with the privileges of the current user. Exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious file. [1]
How can this vulnerability impact me?
The vulnerability can lead to remote code execution on affected systems, allowing attackers to run arbitrary code with the current user's privileges. This can compromise confidentiality, integrity, and availability of the system. Since the attack vector is network-based and requires only user interaction, it poses a high risk to users who might visit malicious websites or open malicious files. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting exposure to CVE-2025-49155 means identifying whether the Trend Micro Apex One Data Loss Prevention module is installed at a vulnerable version. Because the vulnerability arises from an uncontrolled DLL search path, monitoring for unusual DLL loading behavior or scanning for the specific vulnerable version of the Apex One agent is recommended. The resources do not provide specific commands, but in general you can check the installed version of Trend Micro Apex One on Windows systems with 'wmic product get name,version' or, in PowerShell, 'Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "*Trend Micro Apex One*" }', then compare the result against the affected version ranges listed above. Note that wmic is deprecated on recent Windows releases, and that querying Win32_Product is slow and causes Windows Installer to run a consistency check on every installed MSI package, so use it sparingly on production endpoints. Additionally, monitoring network traffic for suspicious activity related to user interaction with malicious files or webpages may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate CVE-2025-49155 is to apply the update released by Trend Micro that addresses and fixes this vulnerability in the Apex One Data Loss Prevention module. Ensuring that the Apex One Security Agent is updated to the latest version will prevent exploitation. Additionally, since exploitation requires user interaction, educating users to avoid opening suspicious files or visiting untrusted webpages can reduce risk. Monitoring and restricting user privileges and network access may also help mitigate potential attacks. [1]