vulnerability

Trend Micro Apex Central: CVE-2025-49220: Deserialization of Untrusted Data RCE Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jun 10, 2025	Jun 13, 2025	Sep 9, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jun 10, 2025

Added

Jun 13, 2025

Modified

Sep 9, 2025

Description

An insecure deserialization operation in Trend Micro Apex Central could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

Solution

trend-micro-apex-central-upgrade-latest

References

CWE-477
CWE-502
CVE-2025-49220
https://attackerkb.com/topics/CVE-2025-49220
URL-http://zerodayinitiative.com/advisories/published/
URL-https://success.trendmicro.com/en-US/solution/KA-0019926

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today