CVE-2025-49158
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-09
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_one | to 14.0.14492 (exc) |
| trendmicro | apex_one | From 14.0.0.12994 (inc) to 14.0.0.14002 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49158 is a local privilege escalation vulnerability in the Trend Micro Apex One Security Agent. It occurs due to an uncontrolled search path in the product uninstaller, which executes a program from an unsecured location. An attacker must first have the ability to run low-privileged code on the system. The vulnerability allows the attacker to escalate privileges to SYSTEM level when an administrator uninstalls the Security Agent, enabling execution of arbitrary code with high privileges. [1]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker who already has limited code execution capabilities to escalate their privileges to SYSTEM level on the affected system. This means the attacker could gain full control over the system, potentially leading to unauthorized access, data manipulation, or disruption of system operations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if the Trend Micro Apex One Security Agent is installed and whether it is vulnerable to the uncontrolled search path issue in the uninstaller. Since exploitation requires local low-privileged code execution and occurs during uninstallation, monitoring for uninstallation attempts or suspicious execution from unsecured locations may help. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the update released by Trend Micro that addresses and fixes this vulnerability. Additionally, restrict unprivileged users from uninstalling the Apex One Security Agent and monitor uninstallation activities to prevent privilege escalation. [1]