CVE-2025-49155

Summary

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

Affected Software

VendorProductVersion RangeStatus
Trend Micro, Inc.Trend Micro Apex One2019 (14.0) < 14.0.0.14002affected
Trend Micro, Inc.Trend Micro Apex One as a ServiceSaaS < 14.0.14492affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References