| CVE ID | CVE-2025-71207 |
| CVSS SCORE | 4.4, AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
| AFFECTED VENDORS |
Trend Micro |
| AFFECTED PRODUCTS |
Apex Central |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Manual Update feature. By providing a crafted URL, an attacker can cause the server to make a request to an incorrect URL. An attacker may be able to leverage this vulnerability to gain improper access to network resources. |
| ADDITIONAL DETAILS |
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
https://success.trendmicro.com/en-US/solution/KA-0022071 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Abdessamad Lahlali of Trend Micro |
