CVE-2025-49154

Опубликовано: 17 июн. 2025

Источник: nvd

CVSS3: 8.7

CVSS3: 7.8

EPSS Низкий

Описание

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Ссылки

https://success.trendmicro.com/en-US/solution/KA-0019917
Vendor Advisory
https://success.trendmicro.com/en-US/solution/KA-0019936
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:advanced:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:standard:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security_services:*:*:*:*:saas:*:*:*

Версия от 6.7.0.0 (включая) до 6.7.3954 (исключая)

cpe:2.3:a:trendmicro:worry-free_business_security_services:*:*:*:*:saas:*:*:*

Версия от 14.0.0 (включая) до 14.3.1299 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*

Версия до 14.0.14492 (исключая)

cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*

Версия от 14.0.0.12994 (включая) до 14.0.0.14002 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00015

Низкий

8.7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-p8h4-m3x4-3cgw

CVSS3: 8.7

github

8 месяцев назад

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

EPSS

Процентиль: 2%

0.00015

Низкий

8.7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other