Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Warning: Two Critical Vulnerabilities in Trend Micro Apex Central lead to Remote Code Execution, Patch Immediately!
Image
Publié : 16/06/2025
- Last update: 16/06/2025
- Affected software:
→ Trend Micro Apex Central 2019 (On-prem)- Type: Remote Code Execution
- CVE/CVSS
→ CVE-2025-49219: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-49220: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://success.trendmicro.com/en-US/solution/KA-0019926
Risks
Trend Micro Apex Central is a centralized management platform used to control and monitor security policies, threat intelligence, and endpoint protection across an organization's network.
Two critical deserialization of untrusted data vulnerabilities can be exploited by an attacker to achieve remote code execution. This flaws could enable attackers to fully compromise the system, manipulate security settings, move laterally within the network, exfiltrate data, and disrupt security operations.
The vulnerabilities have a severe impact on the Confidentiality, Integrity, and Availability of the affected environment, and require no user interaction or authentication to exploit.
Description
CVE-2025-49219 - Deserialization of Untrusted Data Remote Code Execution Vulnerability
The specific flaw exists within the implementation of the GetReportDetailView method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE.
CVE-2025-49220 - Deserialization of Untrusted Data Remote Code Execution Vulnerability
The specific flaw exists within the implementation of the ConvertFromJson method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
https://www.zerodayinitiative.com/advisories/ZDI-25-366/
https://www.zerodayinitiative.com/advisories/ZDI-25-367/