Trend Micro Fixes Critical Flaws in Apex One, Urges Immediate Updates

In a recent development, Trend Micro has addressed two critical vulnerabilities in its popular endpoint security solution, Apex One, that could allow attackers to achieve remote code execution on vulnerable Windows systems. The company released security updates and strongly urged customers to apply the patches promptly to prevent potential exploitation and protect their environments from compromise.

Apex One is an all-in-one advanced endpoint security solution that provides a range of protection features, including ransomware protection, zero-day threat defense, endpoint detection and response (EDR), predictive machine learning, data loss prevention (DLP), and virtual patching via a single agent. The vulnerabilities addressed by Trend Micro are Console Directory Traversal Remote Code Execution issues, tracked as CVE-2025-71210 and CVE-2025-71211, with a CVSS score of 9.8 for both.

According to the advisory issued by Trend Micro, a vulnerability in the Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability requires access to the Trend Micro Apex One Management Console, which is exposed externally in some cases. Customers who have their console's IP address exposed externally are advised to consider mitigating factors such as source restrictions if not already applied.

The second vulnerability fixed by the company is also a Console Directory Traversal Remote Code Execution issue, with similar scope and impact to CVE-2025-71210 but affecting a different executable. Again, the advisory highlights the importance of access to the Apex One Management Console in exploiting this vulnerability.

Researchers Jacky Hsieh and Charles Yang from CoreCloud Tech reported both flaws through Trend Micro's Zero Day Initiative. The SaaS versions of Apex One have already been mitigated, and no customer action is required. However, Trend Micro has released Critical Patch Build 14136 to address the vulnerabilities in the SaaS versions.

In addition to the Console Directory Traversal Remote Code Execution issues, Trend Micro also fixed two high-severity privilege escalation flaws in the Windows agent (CVE-2025-71212 and CVE-2025-71213) and four issues impacting the macOS agent. While the company has not revealed whether these vulnerabilities have been exploited in attacks in the wild, it is essential for organizations to apply the patches promptly to prevent potential exploitation.

In conclusion, Trend Micro's timely response to these critical vulnerabilities is a testament to its commitment to cybersecurity and customer protection. Organizations that rely on Apex One should prioritize applying the security updates immediately to ensure their environments remain secure against potential attacks.