Trend Micro Apex Central
cpe:2.3:a:trendmicro:apex_central:*:*:*:*:windows:*:*
- 2019 (On-prem)
- SaaS
A remote code execution vulnerability has been identified in Trend Micro Apex Central versions prior to 8.0.7007. This issue arises from an insecure deserialization operation, which can be exploited to execute arbitrary code on the affected system without authentication. The vulnerability exists in the 'ConvertFromJson' method, where user-supplied data is not properly validated, allowing for the deserialization of untrusted data. Exploitation of this vulnerability occurs in the context of the 'NETWORK SERVICE' account.
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system with 'NETWORK SERVICE' privileges.
Users can update to Trend Micro Apex Central Critical Patch B7007 to address this vulnerability. This patch is available for download from the Trend Micro Download Center. For users of Apex Central as a Service, the vulnerability has been addressed in the April 2025 monthly release.