Security Flaws in Trend Micro Products Expose PCs to Risks

Recent security vulnerabilities discovered in Trend Micro's software have raised alarms about the safety of Windows computers. Affected products include Apex Central and Worry-Free Business Security, which are widely used in both personal and business environments.

The vulnerabilities, particularly two critical ones identified as CVE-2025-49219 and CVE-2025-49220, pose significant threats as they allow attackers to execute remote code attacks via the Apex Central product line. Although the specific methods of exploitation are not yet fully understood, Trend Micro has confirmed that patches have been implemented in the latest updates for Apex Central (on-prem) CP B7007 and Apex Central as a Service as of April 2025.

Moreover, several versions of the Apex One software are also at risk. The most serious flaw, labeled CVE-2025-49155, could enable malicious actors to run unauthorized code on affected systems. Additional vulnerabilities have been addressed in Apex One SP1 CP Build 14002 and Apex One as a Service Security Agent Version 14.0.14492.

In the Internet Security version 17.8.1464, a vulnerability (CVE-2025-49384) has been patched, which allowed attackers to escalate user privileges. Similarly, Maximum Security has patched a related vulnerability (CVE-2025-49385). The Worry-Free Business Security product also had a critical vulnerability (CVE-2025-49154), which could allow unauthorized system access.

This series of vulnerabilities follows a previous incident where multiple security flaws in Trend Micro's Deep Security Agent were reported in April, which made systems vulnerable to denial-of-service (DoS) attacks.

Users of the affected Trend Micro products are strongly urged to update their software immediately to mitigate these risks and enhance their system's security. The company is committed to addressing these issues swiftly and ensuring the safety of its users against potential cyber threats.