CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-47867: A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary...

7.5 CVSS

Description

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

Classification

CVE ID: CVE-2025-47867

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component

Affected Products

Vendor: Trend Micro, Inc.

Product: Trend Micro Apex Central

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.31% (probability of being exploited)

EPSS Percentile: 53.34% (scored less or equal to compared to others)

EPSS Date: 2025-06-21 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47867
https://success.trendmicro.com/en-US/solution/KA-0019355
https://www.zerodayinitiative.com/advisories/ZDI-25-297/

Timeline

2025-05-21 18:00:55 UTC
Zero Day Initiative Published Advisories

ZDI-25-297: Trend Micro Apex Central widget getBlock Local File Inclusion Remote Code Execution Vulnerability
2025-06-17 18:40:21 UTC
CVE

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary...