CVE-2025-49220
BaseFortify

Publication date: 2025-06-17

Last updated on: 2025-09-08

Assigner: Trend Micro, Inc.

Description
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.
Meta Information
Published: 2025-06-17
Last Modified: 2025-09-08
Generated: 2026-05-07
AI Q&A: 2025-06-17
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 14 associated CPEs
Vendor | Product | Version / Range
trendmicro | apex_central | 2019 (listed 13 times)
microsoft | windows | *
CWE ID | Description
CWE-477 | The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.
CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-49220 is a critical vulnerability in Trend Micro Apex Central (versions below 8.0.7007) caused by insecure deserialization in the ConvertFromJson method. This method processes user-supplied data without proper validation, allowing remote attackers to execute arbitrary code on the affected system without authentication. [1]


How can this vulnerability impact me?

This vulnerability can lead to remote code execution by an unauthenticated attacker, potentially allowing them to run arbitrary code with NETWORK SERVICE privileges. This can result in full compromise of the affected system, including data theft, system manipulation, or disruption of services. [1]


What immediate steps should I take to mitigate this vulnerability?

Apply the update released by Trend Micro to fix the vulnerability in Apex Central. Ensure your installation is upgraded to version 8.0.7007 or later to address the insecure deserialization flaw and prevent remote code execution. [1]

