Trend Micro has addressed a series of serious security vulnerabilities in its Apex One product line, which pose significant risks, including the potential for remote code execution. These issues were highlighted in a recent advisory, urging users to update their systems promptly.
Critical Vulnerabilities Found
The vulnerabilities, identified by CVE identifiers ranging from CVE-2025-71210 to CVE-2025-71217, have been assigned CVSS v3 scores between 7.2 and 9.8, indicating their high severity. The affected products include Apex One 2019 (on-premise) on Windows and the Apex One as a Service (Trend Vision One Endpoint – Standard Endpoint Protection) on Windows.
Trend Micro’s advisory emphasizes the need for users to upgrade to the latest builds to safeguard against these vulnerabilities, even if previous patches have partially mitigated the issues.
Remote Code Execution Risks
Among the most concerning flaws are CVE-2025-71210 and CVE-2025-71211, which are described as directory traversal vulnerabilities in the Apex One management console. These flaws can enable attackers to upload malicious code and execute commands within affected installations.
Exploitation of these vulnerabilities requires access to the management console, and Trend Micro warns that publicly accessible console IP addresses increase the risk of attack. Implementing source restrictions is recommended to mitigate potential threats.
Additional Security Concerns
The advisory also reports local privilege escalation issues on Windows, involving link following (CWE-59) and origin validation errors (CWE-346). These vulnerabilities necessitate an attacker’s ability to run low-privileged code on the target system.
For macOS, several vulnerabilities are noted as informational, having been addressed in earlier updates through ActiveUpdate or SaaS updates in 2025. These include origin validation errors and TOCTOU vulnerabilities that were previously fixed.
Trend Micro’s advisory serves as a crucial reminder for organizations to maintain up-to-date security practices. Regular patch management and implementing recommended security configurations are essential steps in protecting systems from potential exploitation.
