Trend Micro Apex One Vulnerabilities
Trend Micro has addressed several flaws in its Apex One software, rated from high to critical severity; these include problems in the management console that can enable remote command injection attacks.
The vulnerabilities are tracked as CVE-2025-71210 through CVE-2025-71217 and are rated on the CVSS version 3 scale, with scores ranging from 7.2 to 9.8.
The February 2026 advisory, rated critical, lists Apex One 2019 (on-premises) for Windows as affected, along with Apex One as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection, also on Windows.
Trend Micro advises users to upgrade to the most recent versions, even though earlier fixes may already address some aspects of the problem.
The two most significant issues, CVE-2025-71210 and CVE-2025-71211, are console directory traversal remote code execution (RCE) vulnerabilities (CWE-22) in the Apex One management console.
They allow attackers to deploy malicious software on vulnerable systems.
Trend Micro states that exploitation requires access to the Apex One Management Console.
The company warns that consoles reachable externally through a public IP address are at greater risk, and advises putting access restrictions in place where they are not already applied.
The advisory also covers local privilege escalation (LPE) vulnerabilities on Windows, specifically Link Following (CWE-59) and Origin Validation Error (CWE-346) issues.
CVE | Type | CVSS | Platform | Key Note
CVE-2025-71210 | Console directory traversal RCE | 9. | Windows | Requires console access; SaaS
CVE-2025-71211 | Console directory traversal RCE | 9.8 | Windows | Same as 71210
CVE-2025-71212 | Link Following LPE | 7.8 | Windows | Requires low-privileged code execution
CVE-2025-71213 | Origin Validation LPE | 7. | | Requires low-privileged code execution
CVE-2025-71214 | Origin Validation LPE | 7.2 | macOS | Informational; already fixed
CVE-2025-71215 | TOCTOU LPE | 7.8 | | Informational; already fixed
CVE-2025-71216 | TOCTOU LPE | 7.8 | | Informational; already fixed
CVE-2025-71217 | Origin Validation LPE | 7.8 | | Informational; already fixed
To exploit these local privilege escalation flaws, an attacker must first be able to execute low-privileged code on the target system.
Trend Micro also lists CVE identifiers for macOS; it notes that these are informational and were fixed through regular maintenance/subscription updates during the second half of 2025.