Trend Micro Apex Central Widget Local File Inclusion Remote Code Execution Vulnerability

Vulnerability

A Local File Inclusion vulnerability has been identified in Trend Micro Apex Central widgets prior to version 8.0.6955. This vulnerability could allow an attacker to execute arbitrary code on affected installations. The issue arises from improper validation of user-supplied data, which can be exploited by manipulating certain parameters. Authentication is required to exploit this vulnerability.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system, with the executed code running in the context of the IUSR account.

Remediation

Users can update to Trend Micro Apex Central version 8.0.6955 or later. For the SaaS version, the March 2025 Monthly Maintenance Release is available. Instructions for downloading the on-premise version can be found on the Trend Micro Download Center.

Added: Jun 17, 2025, 6:23 PM
Updated: Jun 17, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.