Undefined Behavior for Input to API

CVE-2025-47866

Medium

4.3/10

Summary

An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-475 - Undefined Behavior for Input to API

The behavior of this function is undefined unless its control parameter is set to a specific value.

References

Advisory Timeline

Published Jun 17, 2025

Undefined Behavior for Input to API

CVE-2025-47866

Summary

CWE-475 - Undefined Behavior for Input to API

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS