CVE-2025-49154 – Trend Micro Apex One, Trend Micro Worry-Free Business Security Memory Corruption Vulnerability

June 17, 2025

CVE ID : CVE-2025-49154

Published : June 17, 2025, 7:15 p.m. | 1 hour, 14 minutes ago

Description : An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49155 – Trend Micro Apex One Uncontrolled Search Path Vulnerability (Arbitrary Code Execution)

Next Article CVE-2025-34510 – Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) Zip Slip Remote Code Execution

Highlights

CVE-2025-48495 – Gokapi Cross-Site Scripting (XSS)

June 2, 2025

CVE ID : CVE-2025-48495

Published : June 2, 2025, 12:15 p.m. | 2 hours, 56 minutes ago

Description : Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

Unplugging these 7 common household devices helped reduce my electricity bills

DistroWatch Weekly, Issue 1133

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

DistroWatch Weekly, Issue 1133

DistroWatch Weekly, Issue 1133

Newelle, a ‘Virtual Assistant’ for GNOME, Hits Version 1.0

Bustle – visualize D-Bus activity

CVE-2025-49154 – Trend Micro Apex One, Trend Micro Worry-Free Business Security Memory Corruption Vulnerability

CVE-2025-6754 – “WordPress SEO Metrics Privilege Escalation”

CVE-2025-7710 – “Brave Conversion Engine WordPress Facebook Authentication Bypass”

FydeOS is a ChromiumOS Linux based distribution

CVE-2025-5616 – PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE-2025-7539 – Code-projects Online Appointment Booking System SQL Injection Vulnerability

Nitrux: Passaggio da NX Desktop a Hyprland

CVE-2025-48495 – Gokapi Cross-Site Scripting (XSS)

Mysterious Disappearance of Cybersecurity Expert Xiaofeng Wang and Wife Triggers FBI Raids

5 things I always consider before buying an air purifier – after testing many

CVE-2025-5177 – Realce Tecnologia Queue Ticket Kiosk Cross-Site Scripting Vulnerability

CVE-2025-49154 – Trend Micro Apex One, Trend Micro Worry-Free Business Security Memory Corruption Vulnerability

Related Posts