8.7
CVE-2025-49154
- EPSS 0.02%
- Published 17.06.2025 18:42:10
- Last modified 06.10.2025 19:11:24
- Source security@trendmicro.com
- Teams watchlist Login
- Open Login
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Trendmicro ≫ Worry-free Business Security Version10.0 Updatesp1 SwEditionadvanced
Trendmicro ≫ Worry-free Business Security Version10.0 Updatesp1 SwEditionstandard
Trendmicro ≫ Worry-free Business Security Services SwEditionsaas Version >= 6.7.0.0 < 6.7.3954
Trendmicro ≫ Worry-free Business Security Services SwEditionsaas Version >= 14.0.0 < 14.3.1299
Trendmicro ≫ Apex One SwEditionsaas SwPlatformwindows Version < 14.0.14492
Trendmicro ≫ Apex One SwEditionon-premises SwPlatformwindows Version >= 14.0.0.12994 < 14.0.0.14002
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.021 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@trendmicro.com | 8.7 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.