What is the severity of CVE-2020-25773?

CVE-2020-25773 is rated as a high-severity vulnerability due to its potential to allow arbitrary code execution.

How do I fix CVE-2020-25773?

To fix CVE-2020-25773, ensure that no corrupted configuration files are imported into the Trend Micro Apex One ServerMigrationTool.

What products are affected by CVE-2020-25773?

CVE-2020-25773 affects Trend Micro Apex One 2019 and its SaaS versions, as well as Trend Micro OfficeScan XG.

What type of attack can exploit CVE-2020-25773?

CVE-2020-25773 can be exploited through a social engineering attack where a user inadvertently imports a malicious configuration file.

Is user interaction required for CVE-2020-25773 exploitation?

Yes, user interaction is required for CVE-2020-25773 as the target must import a corrupted configuration file.

Vulnerability/
CVE-2020-25773

high

7.8

CWE

415

28/9/2020

4/8/2024

30/1/2025

CVE-2020-25773: Trend Micro OfficeScan ServerMigrationTool DAT File Parsing Double Free Remote Code Execution Vulnerability

First published: Mon Sep 28 2020(Updated: )

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

Credit: security@trendmicro.com

Affected Software	Affected Version	How to fix
Trend Micro Apex One	=2019
Trend Micro Apex One	=saas
Microsoft Windows
Trend Micro OfficeScan XG

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-25773?
CVE-2020-25773 is rated as a high-severity vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2020-25773?
To fix CVE-2020-25773, ensure that no corrupted configuration files are imported into the Trend Micro Apex One ServerMigrationTool.
What products are affected by CVE-2020-25773?
CVE-2020-25773 affects Trend Micro Apex One 2019 and its SaaS versions, as well as Trend Micro OfficeScan XG.
What type of attack can exploit CVE-2020-25773?
CVE-2020-25773 can be exploited through a social engineering attack where a user inadvertently imports a malicious configuration file.
Is user interaction required for CVE-2020-25773 exploitation?
Yes, user interaction is required for CVE-2020-25773 as the target must import a corrupted configuration file.

agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/zdi-advisory
source/ZDI
alias/ZDI-20-1224
alias/ZDI-CAN-10973
alias/CVE-2020-25773
agent/software-canonical-lookup
vendor/trendmicro
canonical/trend micro apex one
version/trend micro apex one/2019
version/trend micro apex one/saas
vendor/microsoft
canonical/microsoft windows
vendor/trend micro
canonical/trend micro officescan xg

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.