Critical Trend Micro Apex One Flaws Enable Remote Malicious Code Execution

Zerowl

March 9, 2026

Critical Trend Micro Apex One Flaws Enable Remote Malicious Code Execution

On February 24, 2026, Trend Micro published a critical patch for Apex One endpoint security products This article explores vulnerabilities ranging cve. . On Mac and Windows systems, these vulnerabilities allow privilege escalation and remote code execution.

Apex Affected Products Windows in English is impacted by One 2019 on-premises. Trend Vision and Apex One as a Service Windows SaaS deployments are also impacted by One Endpoint Standard. In late 2025, ActiveUpdate was used to update SaaS versions for Mac. Users on-premises need to install the latest critical patch build 14136.

Eight vulnerabilities, ranging from CVE-2025-71210 to CVE-2025-71217, are covered in the bulletin. By using directory traversal in the management console, critical flaws enable unauthenticated remote attackers to upload and execute malicious code. Description of the CVE ID Severity Weakness Platform CVE-2025-71210 in CVSS v3.1 RCE success for Console Directory Traversal.

9.8 Critical CWE-22 Windows CVE-2025-71211 RCE success for Console Directory Traversal. 9.8 Windows CVE-2025-71212 Critical CWE-22 Scan Engine Link After LPE 7.8 High CWE-59 Windows CVE-2025-71213 LPE 7.8 High CWE-346 Windows CVE-2025-71214 Origin Validation Error Agent Cache TOCTOU LPE 7.8 High CWE-367 Mac CVE-2025-71216 Agent iCore Origin Validation LPE 7.2 High CWE-346 Mac CVE-2025-71215 iCore Signature Verification TOCTOU LPE 7.8 High CWE-367 Mac CVE-2025-71217 Validation of Self-Protection Origin LPE 7.8 High CWE-346 Mac Critical flaws CVE-2025-71210 and 71211 require console access and are frequently visible from the outside. If unpatched, apply source IP restrictions.

Local privilege escalations require initial low-priv access. Update to Apex One CP Build 14136 for Windows or the latest SaaS agents. The patch also enhances defenses against prior flaws CVE-2025-54987 and 54948.

Trend Micro's Download Center offers patches for download. Consoles with public IPs should be given priority.Examine the policies pertaining to remote access. There haven't been any reported in-wild exploits yet.Zero Day Initiative researchers made responsible disclosures.

X and LinkedIn to Receive More Real-Time Updates. Make ZeroOwl a Google Preferred Source.

Critical Trend Micro Apex One Flaws Enable Remote Malicious Code Execution

Trending News

Coruna, DarkSword, and Democratizing Nation-State Exploit Kits

Coruna, DarkSword, and Democratizing Nation-State Exploit Kits

Apple Sends Lock Screen Alerts to Old iPhones About Active Web-Based Exploits

Apple Sends Lock Screen Alerts to Old iPhones About Active Web-Based Exploits

Wartime Usage of Compromised IP Cameras Highlight Their Danger

Wartime Usage of Compromised IP Cameras Highlight Their Danger

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Hackers use phishing ZIP files to send PXA Stealer to steal money from banks and other financial institutions.

Hackers use phishing ZIP files to send PXA Stealer to steal money from banks and other financial institutions.

China improves the backdoor it uses to spy on telecom companies around the world.

China improves the backdoor it uses to spy on telecom companies around the world.

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Attacks on infrastructure that have physical effects are down 25%.

Attacks on infrastructure that have physical effects are down 25%.

How mistakes can help businesses improve their security programs

How mistakes can help businesses improve their security programs