CVE-2025-49158 – Trend Micro Apex One Escalation of Privilege Vulnerability

June 17, 2025

CVE ID : CVE-2025-49158

Published : June 17, 2025, 7:15 p.m. | 1 hour, 15 minutes ago

Description : An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49487 – Trend Micro Worry-Free Business Security Services Uncontrolled Search Path Vulnerability

Next Article CVE-2025-49156 – Trend Micro Apex One Local Privilege Escalation Vulnerability

Highlights

CVE-2023-53136 – Linux af_unix Struct PID Leak Vulnerability

May 2, 2025

CVE ID : CVE-2023-53136

Published : May 2, 2025, 4:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

af_unix: fix struct pid leaks in OOB support

syzbot reported struct pid leak [1].

Issue is that queue_oob() calls maybe_add_creds() which potentially
holds a reference on a pid.

But skb->destructor is not set (either directly or by calling
unix_scm_to_skb())

This means that subsequent kfree_skb() or consume_skb() would leak
this reference.

In this fix, I chose to fully support scm even for the OOB message.

[1]
BUG: memory leak
unreferenced object 0xffff8881053e7f80 (size 128):
comm “syz-executor242”, pid 5066, jiffies 4294946079 (age 13.220s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
backtrace:
[] alloc_pid+0x6a/0x560 kernel/pid.c:180
[] copy_process+0x169f/0x26c0 kernel/fork.c:2285
[] kernel_clone+0xf7/0x610 kernel/fork.c:2684
[] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: An Echo In Here in here

How To Minimize The Environmental Impact Of Your Website

Progress adds AI coding assistance to Telerik and Kendo UI libraries

Wasm 3.0 standard is now officially complete

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

GenStudio for Performance Marketing: What’s New and What We’ve Learned

GenStudio for Performance Marketing: What’s New and What We’ve Learned

Agentic and Generative Commerce Can Elevate CX in B2B

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

CVE-2025-49158 – Trend Micro Apex One Escalation of Privilege Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-24332 – Nokia Single RAN AirScale Baseband SSH Privilege Escalation

CodeSOD: Classic WTF: When it’s OK to GOTO

Entdecke die Biker Lederjacke Damen – Stilvoll und robust!

CVE-2025-5161 – H3C SecCenter SMP-E1114P Remote Path Traversal Vulnerability

CVE-2023-53136 – Linux af_unix Struct PID Leak Vulnerability

Learn how Amazon Health Services improved discovery in Amazon search using AWS ML and gen AI

Fortinet Issues Emergency Patch for Actively Exploited Critical FortiSIEM Bug

US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang

CVE-2025-49158 – Trend Micro Apex One Escalation of Privilege Vulnerability

Related Posts