CVE-2024-58105

HIGH 7.3

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor	trend micro, inc.
Product	trend micro apex one
Published	Mar 25, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for trend micro, inc. trend micro apex one

Be the first to know when new high vulnerabilities affecting trend micro, inc. trend micro apex one are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Trend Micro, Inc. / Trend Micro Apex One

2019 (14.0) < 14.0.0.13122

Trend Micro, Inc. / Trend Micro Apex One as a Service

SaaS < 14.0.13260

References

NVD ↗ CVE.org ↗ EPSS Data ↗

success.trendmicro.com: https://success.trendmicro.com/en-US/solution/KA-0018217