|
[Japanese]
|
JVNDB-2025-009150
|
Security updates for Trend Micro products (June 2025)
|
|
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
|
|
|
|
|
Trend Micro, Inc.
- Apex Central 2019 (On-prem) (CVE-2025-49219, CVE-2025-49220)
- Apex Central SaaS (CVE-2025-49219, CVE-2025-49220)
- Apex One 2019 (On-prem) (CVE-2025-49154, CVE-2025-49155, CVE-2025-49156, CVE-2025-49157, CVE-2025-49158)
- Apex One as a Service SaaS (CVE-2025-49154, CVE-2025-49155, CVE-2025-49156, CVE-2025-49157, CVE-2025-49158)
- Worry-Free Business Security (WFBS) 10.0 SP1 (CVE-2025-49154)
- Worry-Free Business Security Services (WFBSS) 6.7 (SaaS) (CVE-2025-49154, CVE-2025-49487, CVE-2025-53378)
|
|
|
* Key memory-mapped files may be overwritten due to an insecure access control vulnerability (CVE-2025-49154)
* Arbitrary code may be executed due to an uncontrolled search path vulnerability (CVE-2025-49155, CVE-2025-49487)
* Local privileges may be escalated due to a link following vulnerability (CVE-2025-49156, CVE-2025-49157)
* Local privileges may be escalated due to an uncontrolled search path vulnerability (CVE-2025-49158)
* Remote code may be executed due to an insecure deserialization operation (CVE-2025-49219, CVE-2025-49220)
* The agent on affected installations may be controlled remotely due to a missing authentication vulnerability (CVE-2025-53378)
|
|
[Update the software]
Update the software to the latest version according to the information provided by Trend Micro Incorporated.
[Apply the Workaround]
Trend Micro Incorporated recommends applying mitigation measures.
|
|
Trend Micro, Inc.
|
|
|
|
- CVE-2025-49154
- CVE-2025-49155
- CVE-2025-49156
- CVE-2025-49157
- CVE-2025-49158
- CVE-2025-49219
- CVE-2025-49220
- CVE-2025-49487
- CVE-2025-53378
|
|
- JVN : JVNVU#96526886
|
|
- [2025/07/17]
Web page was published
|
