{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T00:31:03.140","vulnerabilities":[{"cve":{"id":"CVE-2025-49155","sourceIdentifier":"security@trendmicro.com","published":"2025-06-17T19:15:33.130","lastModified":"2025-09-09T15:24:13.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations."},{"lang":"es","value":"Una vulnerabilidad en la ruta de búsqueda no controlada en el módulo Trend Micro Apex One Data Loss Prevention podría permitir que un atacante inyecte código malicioso que provoque la ejecución de código arbitrario en las instalaciones afectadas."}],"metrics":{"cvssMetricV31":[{"source":"security@trendmicro.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*","versionEndExcluding":"14.0.14492","matchCriteriaId":"E2378C4C-B4CE-42E6-A506-2AF1B894E421"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*","versionStartIncluding":"14.0.0.12994","versionEndExcluding":"14.0.0.14002","matchCriteriaId":"2C42CC6D-7812-4564-8002-3E1208E603B8"}]}]}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0019917","source":"security@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-362/","source":"security@trendmicro.com","tags":["Third Party Advisory"]}]}}]}