CVE Alert

CVE-2022-40139

HIGH 7.2, CISA KEV
CVSS Score: 7.2
EPSS Score: 0.0%
EPSS Percentile: 0th

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

Vendor: Trend Micro
Product: Trend Micro Apex One
Published: Sep 19, 2022
Last Updated: Oct 21, 2025
Actively Exploited

This vulnerability is actively exploited in the wild.

Affected Versions

Trend Micro / Trend Micro Apex One
2019 (on-prem) and SaaS

References

success.trendmicro.com: https://success.trendmicro.com/solution/000291528
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40139