Trend Micro Apex One Security Agent Plug-in User Interface Manager Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability exists in the Trend Micro Apex One Security Agent Plug-in User Interface Manager, allowing a local attacker to bypass security measures and execute arbitrary code on affected systems. This vulnerability affects Trend Micro Apex One 2019 (On-prem) versions prior to build 13140 and Apex One as a Service versions prior to 202412 (Agent version 14.0.14203). To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code on the affected system.

Remediation

Users are advised to update to Trend Micro Apex One SP1 build 13140 or to the December 2024 Monthly Maintenance (202412) for Apex One as a Service. These versions are now available.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 10.0
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.