June 25, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Mirai Botnet aka Katana – Active IOCs
June 18, 2025CVE-2025-23252 – NVIDIA NVDebug Tool Vulnerability
June 18, 2025Mirai Botnet aka Katana – Active IOCs
June 18, 2025CVE-2025-23252 – NVIDIA NVDebug Tool Vulnerability
June 18, 2025
Severity
High
Analysis Summary
CVE-2025-49384 CVSS:7.8
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2025-49154 CVSS:8.7
An insecure access control vulnerability in Trend Micro Apex One could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.
CVE-2025-49214 CVSS:8.8
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.
Impact
- Gain Access
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-49384
CVE-2025-49154
CVE-2025-49214
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Apex One as a Service SaaS
- Trend Micro Security 17.8 (Consumer)
- Trend Micro Apex One 2019 (On-prem)
- Trend Micro Endpoint Encryption (TMEE) PolicyServer 6.0.0.4013
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.