CVE-2024-58105

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations.

This CVE address an addtional bypass not covered in CVE-2024-58104.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Published: Mar 25, 2025
Updated: Aug 2, 2025
CVE: CVE-2024-58105
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
trendmicro / apex_one	-	2019.13140
trendmicro / apex_one	-	14.0.14203

https://success.trendmicro.com/en-US/solution/KA-0018217

Vulnerability Database

CVE-2024-58105