Vulnerability Description
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Worry-Free Business Security | 10.0 |
| Trendmicro | Worry-Free Business Security Services | >= 6.7.0.0, < 6.7.3954 |
| Microsoft | Windows | - |
| Trendmicro | Apex One | < 14.0.14492 |
Related Weaknesses (CWE)
References
- https://success.trendmicro.com/en-US/solution/KA-0019917Vendor Advisory
- https://success.trendmicro.com/en-US/solution/KA-0019936Vendor Advisory
FAQ
What is CVE-2025-49154?
CVE-2025-49154 is a vulnerability with a CVSS score of 8.7 (HIGH). An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have se...
How severe is CVE-2025-49154?
CVE-2025-49154 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-49154?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Worry-Free Business Security, Trendmicro Worry-Free Business Security Services, Microsoft Windows, Trendmicro Apex One.