Trend Micro Apex One: Malware protection with critical security vulnerabilities
Developers have closed vulnerabilities in Trend Micro's Apex One that allow malicious code to be injected. IT managers should update quickly.
IT researchers have discovered several security vulnerabilities in Trend Micro's Apex One, some of them critical. IT managers with on-premises instances of Apex One should quickly apply the available updates. Those using the software-as-a-service variant are already protected.
Trend Micro explains this in a security advisory. The critical security vulnerabilities affect the Trend Micro Apex One management console on Windows. Attackers on the network can upload malicious code and execute commands on vulnerable installations. This is possible due to a directory traversal vulnerability. Two executable files are affected, hence there are also two CVE entries (CVE-2025-71210, CVE-2025-71211; both CVSS 9.8, risk “critical”). The developers point out that attackers must have access to the console for this, so the console should not be exposed to the internet, and access within the LAN should be restricted to the necessary addresses.
Further security flaws in Apex One
Apex One's scan engine allows malicious actors to escalate their privileges on the system. This is due to a link-following vulnerability (CVE-2025-71212, CVSS 7.8, risk “high”). Attackers can also gain higher privileges due to an origin validation error (CVE-2025-71213, CVSS 7.8, risk “high”). The updates also extend the patches with which Trend Micro closed security vulnerabilities in Apex One that were attacked in the wild last August (CVE-2025-54987, CVE-2025-54948; CVSS 9.8, risk “critical”).
Furthermore, there are purely informational notes on vulnerabilities in Apex One on macOS. Trend Micro reportedly closed these in mid to late 2025 using ActiveUpdate. These involve potential privilege escalations (CVE-2025-71215, CVE-2025-71216, CVE-2025-71217, CVSS 7.8, risk “high”; CVE-2025-71214, CVSS 7.2, risk “high”).
Admins should update Apex One 2019 (On-prem) to at least CP Build 14136, which contains the fixes. Apex One as a Service and Trend Vision One Endpoint are protected against the security vulnerabilities with Security Agent version 14.0.20315.
(dmk)