CVE-2025-47866
MEDIUMDescription
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
Is your site exposed to CVE-2025-47866?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| trendmicro | apex_central |
| microsoft | windows |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-47866? +
How severe is CVE-2025-47866? +
What products are affected by CVE-2025-47866? +
How do I check if I'm vulnerable to CVE-2025-47866? +
Related Vulnerabilities
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service …
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to …
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) …
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses …
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. …
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure …