Severity
High
Analysis Summary
CVE-2025-47867 CVSS:7.5
Trend Micro Apex Central could allow a remote authenticated attacker to include arbitrary files. An attacker could send a specially crafted URL request to specify a malicious file from the local system, which could allow the attacker to execute arbitrary code in the context of IUSR.
CVE-2025-47866 CVSS:4.3
Trend Micro Apex Central could allow a remote attacker to execute arbitrary code in the context of IUSR, caused by an unrestricted file upload flaw in the modTMCM webapp widget.
CVE-2025-47865 CVSS:7.5
Trend Micro Apex Central could allow a remote authenticated attacker to include arbitrary files. An attacker could send a specially crafted URL request to specify a malicious file from the local system, which could allow the attacker to execute arbitrary code in the context of IUSR.
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-47865
CVE-2025-47866
CVE-2025-47867
Affected Vendors
Affected Products
- Trend Micro Apex Central (on-prem) - 2019
- Trend Micro Apex Central SaaS
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.