The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service allows a malicious actor to elevate their privileges and execute arbitrary code within the SYSTEM context.

🗓️ 23 Jul 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 29 Views

VsapiNT.sys flaw in Trend Micro Apex One enables SYSTEM privilege escalation and code execution.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-49156	11 Jun 202503:00	–	circl
CNNVD	Trend Micro Apex One 安全漏洞	17 Jun 202500:00	–	cnnvd
CVE	CVE-2025-49156	17 Jun 202518:42	–	cve
Cvelist	CVE-2025-49156	17 Jun 202518:42	–	cvelist
EUVD	EUVD-2025-18529	3 Oct 202520:07	–	euvd
Japan Vulnerability Notes	Security updates for Trend Micro products (June 2025)	17 Jul 202508:03	–	jvn
NCSC	Vulnerabilities fixed in Trend Micro Apex One and Apex Central	12 Jun 202511:12	–	ncsc
NVD	CVE-2025-49156	17 Jun 202519:15	–	nvd
OSV	CVE-2025-49156	17 Jun 202519:15	–	osv
Positive Technologies	PT-2025-25238 · Trend Micro · Trend Micro Apex One	14 Aug 202400:00	–	ptsecurity

Vulners

Node

trend_micro apex_one_as_a_serviceRange<14.0.14492

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-24973/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2025060965
success	www.success.trendmicro.com/en-US/solution/KA-0019917
web	www.web.nvd.nist.gov/view/vuln/detail

23 Jul 2025 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 26

CVSS 37

EPSS0.00122

VsapiNT.sys vulnerability Trend Micro Apex One Apex One as Service Privilege escalation System context Code execution Incorrect link definition Before file access