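Aggregates CVE and security vulnerability intelligence for all Trend Micro products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include path-handling flaws, cross-site scripting, buffer overflows, and SQL injection, which in software deployment and production workload scenarios may lead to risks such as file overwrite, application crashes, and memory corruption.
The vulnerability data is drawn mainly from public vulnerability disclosures and security advisories and can be used to assess historical vulnerability exposure and patch prioritization.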
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-69260 | A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | [email protected] | 7.5 | 0.56% | 2026-01-08 | 2026-01-15 |
| CVE-2025-69259 | A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | [email protected] | 7.5 | 0.65% | 2026-01-08 | 2026-01-15 |
| CVE-2025-69258 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | [email protected] | 9.8 | 0.67% | 2026-01-08 | 2026-01-15 |
| CVE-2025-54987 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. | [email protected] | 9.4 | 3.28% | 2025-08-05 | 2025-08-12 |
| CVE-2025-54948 KEV | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | [email protected] | 9.4 | 13.89% | 2025-08-05 | 2025-10-31 |
| CVE-2025-53503 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | [email protected] | 7.8 | 0.11% | 2025-07-10 | 2025-10-03 |
| CVE-2025-53378 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required. | [email protected] | 7.6 | 0.22% | 2025-07-10 | 2025-10-03 |
| CVE-2025-52837 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | [email protected] | 7.8 | 0.27% | 2025-07-10 | 2025-10-03 |
| CVE-2025-52521 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | [email protected] | 7.8 | 0.19% | 2025-07-10 | 2025-08-26 |
| CVE-2025-49385 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | [email protected] | 7.8 | 0.18% | 2025-06-17 | 2025-08-26 |
| CVE-2025-49384 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | [email protected] | 7.8 | 0.10% | 2025-06-17 | 2025-08-26 |
| CVE-2025-49218 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | [email protected] | 7.7 | 0.04% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49217 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method. | [email protected] | 9.8 | 2.97% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49216 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. | [email protected] | 9.8 | 0.24% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49215 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | [email protected] | 8.8 | 0.13% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49214 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | [email protected] | 8.8 | 3.25% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49213 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method. | [email protected] | 9.8 | 5.27% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49212 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method. | [email protected] | 9.8 | 5.27% | 2025-06-17 | 2025-09-08 |
| CVE-2025-49211 | A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | [email protected] | 7.7 | 0.04% | 2025-06-17 | 2025-09-08 |
| CVE-2025-48443 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. | [email protected] | 6.7 | 0.08% | 2025-06-17 | 2025-08-27 |