Home

Description

An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.

PUBLISHED Reserved 2025-06-02 | Published 2025-06-17 | Updated 2025-06-17 | Assigner trendmicro




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

2019 (14.0) (semver) before 14.0.0.14002
affected

SaaS (semver) before 14.0.14492
affected

References

success.trendmicro.com/en-US/solution/KA-0019917

www.zerodayinitiative.com/advisories/ZDI-25-362/

cve.org (CVE-2025-49155)

nvd.nist.gov (CVE-2025-49155)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.