Trend Micro Apex Central <8.0.7007 insecure deserialization RCE
CVE-2025-49220 Published on June 17, 2025

An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

NVD

Vulnerability Analysis

CVE-2025-49220 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.


Products Associated with CVE-2025-49220

Want to know whenever a new CVE is published for TrendMicro Apex Central? stack.watch will email you.

TrendMicro Apex Central
 

Affected Versions

Trend Micro, Inc. Trend Micro Apex Central:

Exploit Probability

EPSS
6.99%
Percentile
91.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.