Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47867

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

Published

2025-06-17T18:15:26.703

Last Modified

2025-09-08T21:04:50.527

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-74
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Application	trendmicro	apex_central	2019	Yes
Operating System	microsoft	windows	-	No

References

https://success.trendmicro.com/en-US/solution/KA-0019355 Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-25-297/ Third Party Advisory ([email protected])