CVE-2025-47865: 
Apex Central vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2025-47865) was discovered in Trend Micro Apex Central widget affecting versions below 8.0.6955. The vulnerability was discovered by Poh Jia Hao of STAR Labs SG Pte. Ltd. and was publicly disclosed on May 21, 2025. The vulnerability has been assigned a CVSS v3.1 score of 7.5 (High) (ZDI Advisory, NVD).

The specific flaw exists within the getObjWGFServiceApiByApiName function, where the issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. The vulnerability is classified under CWE-475: Undefined Behavior for Input to API. The CVSS vector string is AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network attack vector, high attack complexity, low privileges required, and no user interaction needed (ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to gain remote code execution on affected installations. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute code in the context of IUSR (ZDI Advisory, Trend Micro).

Trend Micro has released build 6955 for Apex Central (on-premise) to address this vulnerability. Customers are strongly encouraged to update to the latest builds as soon as possible. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date (Trend Micro).