This page lists publicly disclosed CVE vulnerabilities affecting trendmicro apex_central (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-69260 | A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | [email protected] | 7.5 | 0.53% | 2026-01-08 | 2026-01-15 |
| CVE-2025-69259 | A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.. | [email protected] | 7.5 | 0.62% | 2026-01-08 | 2026-01-15 |
| CVE-2025-69258 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | [email protected] | 9.8 | 0.62% | 2026-01-08 | 2026-01-15 |
| CVE-2025-30680 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | [email protected] | 7.1 | 0.27% | 2025-06-17 | 2025-09-08 |
| CVE-2025-30679 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | [email protected] | 6.5 | 0.29% | 2025-06-17 | 2025-09-08 |
| CVE-2025-30678 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | [email protected] | 6.5 | 0.29% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49220 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. | [email protected] | 9.8 | 8.36% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49219 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | [email protected] | 9.8 | 7.76% | 2025-06-17 | 2025-09-08 |
| CVE-2025-47867 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations. | [email protected] | 7.5 | 1.81% | 2025-06-17 | 2025-09-08 |
| CVE-2025-47866 | An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | [email protected] | 4.3 | 0.32% | 2025-06-17 | 2025-09-08 |
| CVE-2025-47865 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. | [email protected] | 7.5 | 1.71% | 2025-06-17 | 2025-09-08 |
| CVE-2023-52331 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | [email protected] | 7.1 | 0.27% | 2024-01-23 | 2025-12-22 |
| CVE-2023-52329 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | [email protected] | 6.1 | 0.61% | 2024-01-23 | 2025-12-22 |
| CVE-2023-52328 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329. | [email protected] | 6.1 | 0.76% | 2024-01-23 | 2025-12-22 |
| CVE-2023-52327 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. | [email protected] | 6.1 | 0.76% | 2024-01-23 | 2025-12-22 |
| CVE-2023-52326 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | [email protected] | 6.1 | 0.76% | 2024-01-23 | 2025-12-22 |
| CVE-2023-52325 | A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | [email protected] | 7.5 | 3.11% | 2024-01-23 | 2025-12-22 |
| CVE-2023-52324 | An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | [email protected] | 8.8 | 7.20% | 2024-01-23 | 2025-12-22 |
| CVE-2023-38627 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | [email protected] | 5.4 | 0.15% | 2024-01-23 | 2025-12-22 |
| CVE-2023-38626 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. | [email protected] | 5.4 | 0.15% | 2024-01-23 | 2025-12-22 |