Trend Micro Apex One Flaws: Critical Code Execution Risk

Summary
– Trend Micro has patched two critical remote code execution vulnerabilities (CVE-2025-71210 and CVE-2025-71211) in its Apex One endpoint security platform.
– Both flaws are path traversal vulnerabilities in the Apex One management console that allow unprivileged attackers to execute malicious code on unpatched Windows systems.
– Successful exploitation requires access to the management console, prompting Trend Micro to advise customers with externally exposed consoles to apply source restrictions.
– The company released Critical Patch Build 14136 to fix these issues and also addressed several high-severity privilege escalation flaws in the Windows and macOS agents.
– While not currently exploited, similar Apex One vulnerabilities have been actively abused in past attacks, with CISA tracking 10 such exploited flaws.
Trend Micro has urgently addressed two critical security vulnerabilities within its Apex One endpoint protection platform, patching flaws that could allow attackers to execute malicious code remotely on Windows systems. These newly discovered weaknesses represent a significant risk for organizations using the software, underscoring the continuous need for prompt security updates in enterprise environments. Apex One is a comprehensive security solution designed to protect endpoints from a wide array of digital threats, including malware, spyware, and vulnerability exploitation.
The first critical flaw, identified as CVE-2025-71210, stems from a path traversal issue in the Apex One management console. This vulnerability could permit an unprivileged attacker to run arbitrary code on systems that have not yet been updated. The second, tracked as CVE-2025-71211, is a similar path traversal vulnerability affecting a different component of the same management console. According to the company’s security advisory, successful exploitation requires that an attacker already has access to the management console interface. Trend Micro explicitly advises customers with externally exposed console IP addresses to implement source restriction controls if they are not already in place.
The company emphasized that while specific conditions must be met for an attack to succeed, applying the provided patches immediately is strongly recommended. To resolve these issues, Trend Micro has updated its SaaS Apex One offerings and released Critical Patch Build 14136. This update not only fixes the two critical remote code execution flaws but also remedies two high-severity privilege escalation vulnerabilities in the Windows agent and four additional issues impacting the macOS agent.
Although there is no current evidence that these particular vulnerabilities are under active attack, the Apex One platform has a history of being targeted. For example, the company previously warned customers in August 2025 to patch an actively exploited remote code execution flaw, CVE-2025-54948. Prior incidents include two other zero-day vulnerabilities exploited in the wild during September 2022 (CVE-2022-40139) and September 2023 (CVE-2023-41179). Reflecting this pattern, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) currently catalogs ten different Trend Micro Apex vulnerabilities that have been exploited in active attacks, highlighting the platform’s appeal to threat actors.
(Source: Bleeping Computer)