NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-54948 KEV | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | 9.4 | 20.25% | 2025-08-05 | 2026-06-17 |
| CVE-2025-53503 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | 7.8 | 0.21% | 2025-07-10 | 2026-06-17 |
| CVE-2025-53378 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required | 7.6 | 0.65% | 2025-07-10 | 2026-06-17 |
| CVE-2025-52837 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | 7.8 | 0.15% | 2025-07-10 | 2026-06-17 |
| CVE-2025-52521 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | 7.8 | 0.33% | 2025-07-10 | 2026-06-17 |
| CVE-2025-49385 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | 7.8 | 0.14% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49384 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | 7.8 | 0.10% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49218 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | 7.7 | 0.11% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49217 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method. | 9.8 | 1.02% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49216 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. | 9.8 | 0.49% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49215 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | 8.8 | 0.34% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49214 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | 8.8 | 0.76% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49213 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method. | 9.8 | 7.94% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49212 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | 9.8 | 7.94% | 2025-06-17 | 2026-06-17 |
| CVE-2025-49211 | A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | 7.7 | 0.11% | 2025-06-17 | 2026-06-17 |
| CVE-2025-48443 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. | 6.7 | 0.18% | 2025-06-17 | 2026-06-17 |
| CVE-2025-30642 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 5.5 | 0.10% | 2025-06-17 | 2026-06-17 |
| CVE-2025-30641 | A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 | 0.15% | 2025-06-17 | 2026-06-17 |
| CVE-2025-30640 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 | 0.15% | 2025-06-17 | 2026-06-17 |
| CVE-2025-30680 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | 7.1 | 0.24% | 2025-06-17 | 2026-06-17 |