Insecure Access Control in Trend Micro Apex One and Worry-Free Business Security
CVE-2025-49154

8.7HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex One; Trend Micro Apex One As A Service; Worry-free Business Security
Vendor: CVE Published:; 17 June 2025

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2025-49154?

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security allows local attackers with low-privileged code execution capabilities to overwrite critical memory-mapped files. This flaw can lead to significant risks, compromising the security and integrity of the affected installations.

Affected Version(s)

Trend Micro Apex One 2019 (14.0) < 14.0.0.14002

Trend Micro Apex One as a Service SaaS < 14.0.14492

Worry-Free Business Security 10.0 SP1 < 2514

References

https://success.trendmicro.com/en-US/solution/KA-0019917

https://success.trendmicro.com/en-US/solution/KA-0019936

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 2, 2025