Published:2025/07/16 Last Updated:2025/07/16
JVNVU#96526886
Security updates for Trend Micro products (June 2025)
Overview
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Products Affected
CVE-2025-49154
- Apex One 2019 (On-prem)
- Apex One as a Service SaaS
- Worry-Free Business Security (WFBS) 10.0 SP1
- Worry-Free Business Security Services (WFBSS) 6.7 (SaaS)
- Apex One 2019 (On-prem)
- Apex One as a Service SaaS
- Apex Central 2019 (On-prem)
- Apex Central SaaS
- Worry-Free Business Security Services (WFBSS) 6.7 (SaaS)
Description
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Impact
- Key memory-mapped files may be overwritten due to an insecure access control vulnerability (CVE-2025-49154)
- Arbitrary code may be executed due to an uncontrolled search path vulnerability (CVE-2025-49155, CVE-2025-49487)
- Local privileges may be escalated due to a link following vulnerability (CVE-2025-49156, CVE-2025-49157)
- Local privileges may be escalated due to an uncontrolled search path vulnerability (CVE-2025-49158)
- Remote code may be executed due to an insecure deserialization operation (CVE-2025-49219, CVE-2025-49220)
- The agent on affected installations may be controlled remotely due to a missing authentication vulnerability (CVE-2025-53378)
Solution
Update the software
Update the software to the latest version according to the information provided by Trend Micro Incorporated.
Apply the Workaround
Trend Micro Incorporated recommends applying mitigation measures.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.