An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
Weakness
The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apex_central | Trendmicro | 2019 (including) | 2019 (including) |
| Apex_central | Trendmicro | 2019-build_3752 (including) | 2019-build_3752 (including) |
| Apex_central | Trendmicro | 2019-build_5158 (including) | 2019-build_5158 (including) |
| Apex_central | Trendmicro | 2019-build_6016 (including) | 2019-build_6016 (including) |
| Apex_central | Trendmicro | 2019-build_6288 (including) | 2019-build_6288 (including) |
| Apex_central | Trendmicro | 2019-build_6394 (including) | 2019-build_6394 (including) |
| Apex_central | Trendmicro | 2019-build_6481 (including) | 2019-build_6481 (including) |
| Apex_central | Trendmicro | 2019-build_6511 (including) | 2019-build_6511 (including) |
| Apex_central | Trendmicro | 2019-build_6571 (including) | 2019-build_6571 (including) |
| Apex_central | Trendmicro | 2019-build_6658 (including) | 2019-build_6658 (including) |
| Apex_central | Trendmicro | 2019-build_6660 (including) | 2019-build_6660 (including) |
| Apex_central | Trendmicro | 2019-build_6890 (including) | 2019-build_6890 (including) |
| Apex_central | Trendmicro | 2019-build_6955 (including) | 2019-build_6955 (including) |
Extended Description
As programming languages evolve, functions occasionally become obsolete due to:
Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.