【Vulnerability Alert】Trend Micro Apex Central Has 2 Critical Security Vulnerabilities

• Subject: 【Vulnerability Alert】Trend Micro Apex Central Has 2 Critical Security Vulnerabilities

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team & Coordination Center TWCERTCC-200-202506-00000013
  • Trend Micro Apex Central is a centralized management platform by Trend Micro used to manage various Trend Micro security solutions, including gateways, mail servers, file servers, and enterprise desktops. A major security advisory was recently released to patch 2 vulnerabilities:
  • 【CVE-2025-49219, CVSS: 9.8】 Trend Micro Apex Central has an insecure deserialization operation that allows unauthenticated remote attackers to execute arbitrary code on affected Apex Central installations.
  • 【CVE-2025-49220, CVSS: 9.8】 Trend Micro Apex Central has an insecure deserialization operation that allows unauthenticated remote attackers to execute arbitrary code on affected Apex Central installations.
• Affected Platforms:
  • Apex Central 2019 (On-prem) and earlier versions
  • Apex Central as a Service SaaS
• Suggested Measures:
  • Please go to the official website for patching: [https://success.trendmicro.com/en-US/solution/KA-0019926](https://success.trendmicro.com/en-US/solution/KA-0019926)
• References:
  • [https://www.twcert.org.tw/tw/cp-169-10187-e713c-1.html](https://www.twcert.org.tw/tw/cp-169-10187-e713c-1.html)

Computer and Communications Center
Network Systems Division