A number of important safety vulnerabilities within the Development Micro Apex One enterprise safety platform might allow attackers to inject malicious code and escalate privileges on affected techniques.
The corporate launched emergency patches on June 9, 2025, to deal with 5 distinct vulnerabilities tracked underneath CVE-2025-49154 via CVE-2025-49158, with severity rankings starting from medium to excessive on the CVSS 3.0 scale.
CVE-2025-49154: Insecure Entry Management Vulnerability
This high-severity vulnerability (CVSS 8.7) stems from improper entry management (CWE-284) in Development Micro Apex One, permitting native attackers with low-privileged entry to overwrite memory-mapped information important to system operations.
Profitable exploitation might destabilize the safety agent or allow persistent malware injection by modifying protected reminiscence areas.
CVE-2025-49155: Information Loss Prevention Distant Code Execution
Rated CVSS 8.8, this important flaw within the Information Loss Prevention module includes an uncontrolled search path (CWE-427), enabling distant attackers to execute arbitrary code by way of DLL hijacking.
Attackers might deploy malicious payloads by putting solid DLLs in directories prioritized by the applying’s search order, compromising whole endpoints via phishing or compromised networks.
CVE-2025-49156: Scan Engine Privilege Escalation
The scan engine’s link-following vulnerability (CVSS 7.0, CWE-269) permits native attackers to escalate privileges by manipulating symbolic hyperlinks.
By redirecting file operations to restricted system paths, attackers might overwrite configuration information or deploy elevated payloads regardless of preliminary low-privilege entry.
CVE-2025-49157: Injury Cleanup Engine Privilege Escalation
With a CVSS rating of seven.8, this CWE-269 flaw within the Injury Cleanup Engine permits comparable privilege escalation via symbolic hyperlink abuse.
Attackers might bypass cleanup protocols to protect malicious information or alter restoration processes, sustaining persistence on compromised techniques.
CVE-2025-49158: Safety Agent Search Path Hijacking
This medium-severity vulnerability (CVSS 6.7) exploits an uncontrolled search path (CWE-427) within the Safety Agent, the place unquoted service paths allow privilege escalation by way of malicious executable placement.
Attackers might change professional binaries with Trojanized variations throughout service restarts, gaining SYSTEM-level entry regardless of requiring consumer interplay.
Mitigations
Development Micro has launched complete patches addressing all recognized vulnerabilities throughout affected platforms.
For on-premises Apex One 2019 installations, organizations should improve to SP1 CP Construct 14002, whereas Apex One as a Service customers require Safety Agent Model 14.0.14492.
Each updates are instantly obtainable via Development Micro’s Obtain Heart and ought to be prioritized for rapid deployment.
The corporate acknowledges safety researchers Alexander Pudwill, Xavier DANEST from Decathlon, nameless researchers, and Vladislav Berghici from Development Micro Analysis for accountable vulnerability disclosure.
Organizations are suggested to overview distant entry insurance policies and guarantee perimeter safety configurations stay present whereas implementing these important updates.
Given the enterprise-critical nature of affected techniques and the potential for code injection and privilege escalation, safety groups ought to deal with these patches as emergency deployments requiring rapid consideration throughout all Apex One installations.
Reside Credential Theft Assault Unmask & Prompt Protection – Free Webinar
