Vulnerability in Trend Micro Apex One Exploited in the Wild (

Vulnerability in Trend Micro Apex One Exploited in the Wild (CVE-2022-40139)

Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild. CVE-2022-40139 is an improper validation vulnerability in the “rollback” functionality which is used to revert Apex One agents to older versions. While this vulnerability can only be exploited by an attacker with access to the Apex One administrative console, there have been reports of active exploitation.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Vulnerability Watch

Forum Discussion

Vulnerability in Trend Micro Apex One Exploited in the Wild (

Recent Discussions

Oracle E-Business Suite Zero-Day Exploited by Cl0p Ransomware Group (CVE-2025-61882)

Investigating: Cl0p Reportedly Breached Oracle E-Business Suite (EBS) Systems

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

Americas

Europe

Asia / Australia