Japanese cybersecurity software firm Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems.
Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities.
The first critical Apex One security flaw patched this week (CVE-2025-71210) is due to a path traversal weakness in the Trend Micro Apex One management console, allowing attackers without privileges to execute malicious code on unpatched systems.
The second, tracked as CVE-2025-71211, is another Apex One management console path traversal vulnerability, similar in scope to CVE-2025-71210 but affecting a different executable.
As Trend Micro explained in a Tuesday security advisory, successful exploitation requires attackers to “have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”
“Even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible,” it warned.
To address these critical security flaws, Trend Micro has patched the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136, which also fixes two high-severity privilege escalation flaws in the Windows agent and four more affecting the macOS agent.
While Trend Micro has not flagged these vulnerabilities as exploited in the wild, threat actors have abused other Apex One in attacks over the last several years.
For instance, Trend Micro warned customers to patch an actively exploited Apex One RCE vulnerability (CVE-2025-54948) in August 2025, and addressed two other Apex One zero-days exploited in the wild in September 2022 (CVE-2022-40139) and in September 2023 (CVE-2023-41179).
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) currently tracks 10 Trend Micro Apex vulnerabilities that have either been or are still being exploited in the wild.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
