CVE-2025-49156
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-09
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_one | to 14.0.14492 (exc) |
| trendmicro | apex_one | From 14.0.0.12994 (inc) to 14.0.0.14002 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49156 is a local privilege escalation vulnerability in the Trend Micro Apex One Security Agent, specifically in the VsapiNT.sys kernel module. An attacker who can already execute low-privileged code on the system can exploit this flaw by creating symbolic links that abuse the driver to create arbitrary files. This allows the attacker to escalate their privileges to SYSTEM-level, gaining full control over the affected system. The vulnerability only occurs if the product is configured by an administrator to use a non-default malware remediation action. [1]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with limited privileges to escalate their access to SYSTEM-level privileges, effectively gaining full control over the affected system. This can lead to unauthorized access, modification, or deletion of sensitive data, disruption of system availability, and potential execution of arbitrary code with the highest privileges. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying if the Trend Micro Apex One Security Agent is installed and if it is configured to use a non-default malware remediation action, as the vulnerability only manifests under this condition. Additionally, checking for the presence of the vulnerable VsapiNT.sys kernel module may help. Specific detection commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately apply the update released by Trend Micro that addresses and fixes the issue. Additionally, review and consider reverting any non-default malware remediation actions configured in the Trend Micro Apex One Security Agent to default settings until the patch is applied. [1]