CVE-2025-49155HIGH 8.8EPSS p51.5%

CVE-2025-49155CVE-2025-49155

Description

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.79% probability of exploitation · percentile 51.5% · 2026-06-19T12:03:05Z
Published2025-06-17
Last modified2025-09-09

Underlying weaknesses· 1

CWE-427

References

  1. https://success.trendmicro.com/en-US/solution/KA-0019917
  2. https://www.zerodayinitiative.com/advisories/ZDI-25-362/

1

TypeTargetConfidenceTier
WeaknessUncontrolled Search Path Elementcwe-4270%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Trend Micro Apex One OS Command Injection Vulnerability
CVE
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
CVE
CVE-2025-47865
CVE
CVE-2025-71210
CVE
CVE-2025-71211
CVE
CVE-2025-54987
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.