The company released emergency patches on June 9, 2025, to address five distinct vulnerabilities tracked under CVE-2025-49154 through CVE-2025-49158, with severity ratings ranging from medium to high on the CVSS 3.0 scale.
This high-severity vulnerability (CVSS 8.7) stems from improper access control (CWE-284) in Trend Micro Apex One, allowing local attackers with low-privileged access to overwrite memory-mapped files critical to system operations.
Successful exploitation could destabilize the security agent or enable persistent malware injection by modifying protected memory regions.
Rated CVSS 8.8, this critical flaw in the Data Loss Prevention module involves an uncontrolled search path (CWE-427), enabling remote attackers to execute arbitrary code via DLL hijacking.
Attackers could deploy malicious payloads by placing forged DLLs in directories prioritized by the application’s search order, compromising entire endpoints through phishing or compromised networks.
The scan engine’s link-following vulnerability (CVSS 7.0, CWE-269) permits local attackers to escalate privileges by manipulating symbolic links.
By redirecting file operations to restricted system paths, attackers could overwrite configuration files or deploy elevated payloads despite initial low-privilege access.
With a CVSS score of 7.8, this CWE-269 flaw in the Damage Cleanup Engine allows similar privilege escalation through symbolic link abuse.
Attackers could bypass cleanup protocols to preserve malicious files or alter restoration processes, maintaining persistence on compromised systems.
This medium-severity vulnerability (CVSS 6.7) is an uncontrolled search path flaw (CWE-427) in the Security Agent, where unquoted service paths enable privilege escalation via malicious executable placement.
Attackers could replace legitimate binaries with Trojanized versions during service restarts, gaining SYSTEM-level access, although exploitation requires user interaction.
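The unquoted service path condition described above can be audited from service `ImagePath` values. The following is an added example, not code from Trend Micro or the original article: it flags unquoted paths containing spaces and lists the directories whose write permissions need review, based on the documented Windows behaviour of trying each space-delimited prefix of an unquoted command line as an executable. The service names and paths are constructed samples, and `candidate_paths` and `audit` are hypothetical helper names.

```python
import ntpath
import re

# Constructed ImagePath values for illustration; not taken from any real product.
SAMPLE_SERVICES = {
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Agent\svc.exe" -run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "UnquotedSvc": r"C:\Program Files\Example Vendor\Agent Core\svc.exe -run",
}


def candidate_paths(image_path):
    """Return the executables Windows would try before the intended one.

    A quoted path, or an unquoted path without spaces, is unambiguous and
    yields an empty list.
    """
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return []
    # Cut the arguments off after the first ".exe". If there is none, the
    # whole string is kept, which errs on the side of reporting.
    match = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    exe = cmd[: match.end()] if match else cmd
    parts = exe.split(" ")
    # Every prefix that ends at a space is tried with ".exe" appended.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services):
    """Map each ambiguous service to the directories that must not be
    writable by unprivileged users until the path is quoted."""
    findings = {}
    for name, image_path in services.items():
        candidates = candidate_paths(image_path)
        if candidates:
            findings[name] = [ntpath.dirname(c) for c in candidates]
    return findings


if __name__ == "__main__":
    for name, dirs in audit(SAMPLE_SERVICES).items():
        print(f"{name}: quote the ImagePath; check write ACLs on {dirs}")
```

Quoting the `ImagePath` removes the ambiguity. The directory list is for triage on hosts that cannot be patched or reconfigured immediately.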
Trend Micro has released comprehensive patches addressing all identified vulnerabilities across affected platforms.
For on-premises Apex One 2019 installations, organizations must upgrade to SP1 CP Build 14002, while Apex One as a Service users require Security Agent Version 14.0.14492.
Both updates are available now through Trend Micro’s Download Center and should be prioritized for deployment.
The company acknowledges security researchers Alexander Pudwill, Xavier DANEST from Decathlon, anonymous researchers, and Vladislav Berghici from Trend Micro Research for responsible vulnerability disclosure.
Organizations are advised to review remote access policies and ensure perimeter security configurations remain current while implementing these critical updates.
Given the enterprise-critical nature of affected systems and the potential for code injection and privilege escalation, security teams should treat these patches as emergency deployments requiring immediate attention across all Apex One installations.
The post Trend Micro Apex One Vulnerability Allow Attackers to Inject Malicious Code appeared first on Cyber Security News.