Impact
The flaw enables a remote attacker who can reach the Trend Micro Apex One management console to upload malicious code without any file-type or size restrictions. Based on the description, it is inferred that the upload mechanism bypasses normal file validation and allows a path-traversal-style write, which is consistent with CWE-22. Once the payload is uploaded, the console executes it with the privileges of the service process, granting the attacker full control over the host and compromising the confidentiality, integrity, and availability of the protected environment.
Affected Systems
Trend Micro Apex One on‑premises version 14.0.0.14136 and the Apex One as a Service product version 14.0.0.20315 are affected. The SaaS instance has already been mitigated, so service customers require no action. On‑premises installations remain exposed if the console’s IP address is reachable from the public internet.
Risk and Exploitability
The CVSS score of 9.8 classifies this as a critical vulnerability. The EPSS score of 4% indicates a moderate likelihood of exploitation; the vulnerability is not listed in the CISA KEV catalog, which suggests no widespread active exploitation yet. The attacker must have network access to the management console, so the likely attack vector is a remote exploit against an externally exposed console. Source restrictions or VPN isolation are effective mitigations that reduce the attack surface and lower the risk of successful exploitation.