Critical Vulnerability Information

Vulnerability Overview

Release Date: June 2025
CVE Identifiers: CVE-2025-4917, CVE-2025-4918, CVE-2025-4919, CVE-2025-4920, CVE-2025-4921
CVSS 3.0 Score: 8.6/8.6
Severity Rating: High

Affected Versions

Product: Apex One, Apex One as a Service
Affected Versions:
- Apex One: 2019 (SP1) SP1111
- Apex One as a Service: SaaS
Platform: Windows
Language: English

Solution

Updated Versions:
- Apex One: SP1 CR Build 16020
- Apex One as a Service: Security Agent Update 190402

Vulnerability Details

1. CVE-2025-4917: Remote Code Execution Vulnerability
   - CVSS Score: 8.6/8.6
   - Description: Attackers can exploit this vulnerability using specially crafted malicious files, leading to remote code execution.

2. CVE-2025-4918: Data Disclosure Vulnerability
   - CVSS Score: 8.6/8.6
   - Description: Attackers can exploit this vulnerability to access and disclose sensitive data.

3. CVE-2025-4919: Privilege Escalation Vulnerability
   - CVSS Score: 8.6/8.6
   - Description: Attackers can escalate privileges on affected systems.

4. CVE-2025-4920: Local Privilege Escalation Vulnerability
   - CVSS Score: 8.6/8.6
   - Description: Attackers can exploit this vulnerability to escalate local privileges on affected systems.

5. CVE-2025-4921: Security Agent Unauthorized Search Path Local Privilege Escalation Vulnerability
   - CVSS Score: 8.6/8.6
   - Description: Attackers can exploit this vulnerability to escalate local privileges on affected systems.

Mitigation Factors

- Apply patches and updates promptly.
- Restrict physical and network access to systems.
- Use strong passwords and multi-factor authentication.

Acknowledgments

Thank you to the researchers and teams who discovered and reported these vulnerabilities.