Primary

Context

Trend Micro Apex One Security Agent Plug-in User Interface Manager Arbitrary Code Execution Vulnerability

Vulnerability

Patched

A vulnerability exists in the Trend Micro Apex One Security Agent Plug-in User Interface Manager, allowing local attackers to bypass security measures and execute arbitrary code on affected systems. This vulnerability requires prior access to execute low-privileged code on the target machine.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the affected system.

Remediation

Users are advised to update to the latest version of Trend Micro Apex One. The updated version for Apex One is SP1 build 13140, and for Apex One as a Service, it is the December 2024 Monthly Maintenance (202412) with Agent version 14.0.14203.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

10.0

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

10.0

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trend Micro Apex One Security Agent Plug-in User Interface Manager Arbitrary Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Trend Micro Apex One

Trend Micro Apex One as a Service

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating