### [CVE-2025-49157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49157)
![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20Apex%20One%20as%20a%20Service&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20Apex%20One&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2019%20(14.0)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=SaaS%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brightgreen)

### Description

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds