Cyber Resilience

CVE-2025-47867

High

Published: 17 June 2025

Published
17 June 2025
Modified
08 September 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0181 83.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47867 is a high-severity Injection (CWE-74) vulnerability in Trendmicro Apex Central. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 16.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A Local File Inclusion vulnerability exists in a widget component of Trend Micro Apex Central versions below 8.0.6955. The flaw, tracked as CVE-2025-47867, permits an attacker to supply arbitrary files that are then executed as PHP code, resulting in remote code execution on the affected server. The issue carries a CVSS 3.1 score of 7.5 and is associated with CWE-74.

An attacker with low-privileged network access can exploit the vulnerability, although successful exploitation requires high attack complexity and no user interaction. Successful exploitation grants the attacker full confidentiality, integrity, and availability impact on the target installation.

Vendor guidance and additional technical details are available in the Trend Micro solution article KA-0019355 and the Zero Day Initiative advisory ZDI-25-297. The EPSS score for this CVE remains flat at 0.0181 with no material increase observed since publication.

EU & UK References

Vulnerability details

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

trendmicro
apex central
2019

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

References