CVE-2025-47867

Sažetak

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

Reference

https://success.trendmicro.com/en-US/solution/KA-0019355
https://www.zerodayinitiative.com/advisories/ZDI-25-297/

CVSS

Base:	7.5
Impact:	5.9
Exploitability:	1.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-06-2025 - 20:50

Objavljeno

17-06-2025 - 18:15