Trend Micro has released fixes for multiple Apex One vulnerabilities, ranging from High to Critical severity, including management console issues that can lead to remote code execution (RCE).
The affected CVEs range from CVE-2025-71210 to CVE-2025-71217, with CVSS v3 scores ranging from 7.2 to 9.8.
The February 2026 advisory lists Apex One 2019 (on‑prem) on Windows and Apex One as a Service (Trend Vision One Endpoint – Standard Endpoint Protection) on Windows as affected product lines.
Trend Micro’s remediation guidance points customers to update to the latest available builds, even if earlier patches may have addressed parts of the issue.
Trend Micro Apex One Vulnerabilities
Two critical flaws, CVE-2025-71210 and CVE-2025-71211, are described as console directory traversal RCE vulnerabilities (CWE-22) in the Apex One management console.
These issues allow attackers to upload malicious code and execute commands on affected installations.
Trend Micro notes that exploitation requires access to the Apex One Management Console.
The company warns that externally exposed console IP addresses increase the risk and recommends applying source restrictions where they are not already in place.
The advisory also details local privilege escalation (LPE) issues affecting Windows components, including link following (CWE-59) and origin validation errors (CWE-346).
| CVE | Type | CVSS | Platform | Key Note |
|---|---|---|---|---|
| CVE-2025-71210 | Console dir traversal RCE | 9.8 | Windows | Console access required; SaaS mitigated |
| CVE-2025-71211 | Console dir traversal RCE | 9.8 | Windows | Similar to 71210 |
| CVE-2025-71212 | Link following LPE | 7.8 | Windows | Low-privileged code execution required |
| CVE-2025-71213 | Origin validation LPE | 7.8 | Windows | Low-privileged code execution required |
| CVE-2025-71214 | Origin validation LPE | 7.2 | Mac | Informational; previously fixed |
| CVE-2025-71215 | TOCTOU LPE | 7.8 | Mac | Informational; previously fixed |
| CVE-2025-71216 | TOCTOU LPE | 7.8 | Mac | Informational; previously fixed |
| CVE-2025-71217 | Origin validation LPE | 7.8 | Mac | Informational; previously fixed |
These vulnerabilities require an attacker to already have the ability to execute low-privileged code on the target endpoint.
For macOS agents, Trend Micro provides CVE references as informational, stating these were addressed earlier via ActiveUpdate/SaaS updates in mid to late 2025.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
