CVE-2025-47867 · CRITICAL 9.8 · EPSS p66.4%

Description

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.28% probability of exploitation · percentile 66.4% · 2026-06-18T12:00:27Z
Published: 2025-06-17
Last modified: 2025-09-08

Underlying weaknesses · 1

CWE-74

References

  1. https://success.trendmicro.com/en-US/solution/KA-0019355
  2. https://www.zerodayinitiative.com/advisories/ZDI-25-297/

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-47865
CVE · Trend Micro Apex Central Arbitrary File Upload Vulnerability
CVE · CVE-2025-58967
CVE · CVE-2025-58707
CVE · CVE-2025-49220
CVE · CVE-2025-58937

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.