—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Trend Micro Apex One

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Apex One 2019 (On-prem and SaaS)

Trend Micro Apex One (mac) 

Trend Vision One Endpoint – Standard Endpoint Protection  (SaaS)

Overview

Multiple vulnerabilities have been reported in Trend Micro Apex One affecting the management console, scan engine, and macOS agent components which could allow an attacker to perform remote code execution (RCE) to local privilege escalation (LPE) on the targeted device.

 

Target Audience:

IT Administrators, Security Operations Center (SOC) Teams,Cybersecurity Ana-lysts,System Engineers, Executive Management (CISO / IT Leadership).

Risk Assessment:

High risks of service interruption and unauthorized access.

Impact Assessment:

Potential impact on confidentiality, integrity and availability of the system.

Description

Trend Micro Apex One is an enterprise endpoint security solution designed to protect organizations against malware, ransomware, advanced persistent threats (APTs), and zero-day attacks.

1. Directory Traversal Remote Code Execution Vulnerability ( CVE-2025-71210   CVE-2025-71211   )

Directory traversal vulnerabilities exist in the Trend Micro Apex One Management Console. These vulnerabilities could allow a remote attacker to upload malicious files and execute arbitrary commands on affected installations.

2. Local Privilege Escalation Vulnerability ( CVE-2025-71212   CVE-2025-71213   )

Multiple vulnerabilities exist in the Trend Micro Apex One Scan Engine. These vulnerabilities could allow a locally authenticated attacker to escalate privileges on affected systems.

3. Local Privilege Escalation Vulnerability ( CVE-2025-71214   )

A vulnerability exists in the Trend Micro Apex One (macOS) Agent iCore service due to improper origin validation. An attacker with local access could exploit this vulnerability to escalate privileges on affected installations.

4. Local Privilege Escalation Vulnerability ( CVE-2025-71215   )

This vulnerability exists in the Trend Micro Apex One (mac) agent iCore service signature verification due to a time-of-check time-of-use.  A local attacker could exploit this vulnerability to escalate privileges on affected systems.

Solution

Apply appropriate updates as mentioned in:

https://success.trendmicro.com/en-US/solution/KA-0022458

Vendor Information

Trendmicro

https://success.trendmicro.com/en-US/solution/KA-0022458

References

 

https://success.trendmicro.com/en-US/solution/KA-0022458

CVE Name

CVE-2025-71210

CVE-2025-71211

CVE-2025-71212

CVE-2025-71213

CVE-2025-71214

CVE-2025-71215

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmhsnUACgkQ3jCgcSdc

ys/+uhAAnT7lSRS+AA5rZknVS5WPNtpqklgcVwvzoEgVhaTVOEmn6Ppu5woemDsv

yD1GkkOUFzFRufVAslby5KI7jaQWanxW37we9Q9onWt+80T04IrqI6ibNiJhSBeb

Kkvht0F4YElAJkQwKuSle36NGsnJTWvVQeseCNfLdz62aTnkYzem4Jff96Hui6aL

jE1l/1QUzUuvHMlMwQFeedEDYy2KkOCjUBNbv9icRRGH6Q1I9g9l0HiUt0T6+Tl8

p1IKkzZJxKwHkzzZxVSdYfCdzAUR4l0T/ogGP3qt+/zCYUFKeNjMIZNwzbtmHRfy

HlApZLqPquReIsfxW02nZebdObz0ufvGdJAyWU8W2oKTN8WTq3CTklcJ2cjdV4Lk

DY1le3seBtAM7D5My8HRoq0o+JKJN0FEnW3/rgJR+lJ34p2DvPqtqfGSX1Cpf9Mo

0QsTYYRw9ef8yZKbRJBcJxqochbFoJMc+CGYSoBf9fIEnJjeUSPQ8nmIpBCKkQCw

h1XBxkifyOQdgBjij4AW+1pWnelruaUiPffy2kKmkE5+vxPqZMa4bgtLHV2k0XfL

mppkjFPdAQF33RqiAtzOUnAEgu6rt4CvKLJpZ41TWL8PsYJAZvrytEjck4zCwHOR

xySD0m5dgnNsCFMf7AhTnXJv1VMfZyP0FcLDdZsbEIbKMQNNYlo=

=IDKC

—–END PGP SIGNATURE—–