Trend Micro warns of critical Apex One code execution flaws
Source: Bleeping Computer

Japanese cybersecurity software firm Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities.
CVE-2025-71210
A path-traversal weakness in the Trend Micro Apex One management console allows attackers without privileges to execute malicious code on unpatched systems.
CVE-2025-71211
This is another path-traversal vulnerability in the Apex One management console, similar in scope to CVE-2025-71210 but affecting a different executable.
Patch Details
Trend Micro released Critical Patch Build 14136, which addresses the two critical flaws and also fixes:
- Two high‑severity privilege‑escalation flaws in the Windows agent.
- Four additional issues affecting the macOS agent.
The vendor’s Tuesday security advisory notes that successful exploitation requires “access to the Trend Micro Apex One Management Console,” so customers with externally exposed console IP addresses should consider source‑restriction mitigations. Trend Micro strongly encourages updating to the latest builds as soon as possible.
Historical Context
While these specific vulnerabilities have not been observed in the wild, Trend Micro has previously warned about actively exploited Apex One RCE flaws:
- CVE-2025-54948 – Actively exploited in August 2025.
- CVE-2022-40139 – Exploited in September 2022.
- CVE-2023-41179 – Exploited in September 2023.
CISA Tracking
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) currently tracks 10 Trend Micro Apex vulnerabilities that have been or are still being exploited in the wild.