Urgent Alert: Critical Apex One Vulnerabilities Exposed

Japanese Cybersecurity Firm Trend Micro Addresses Critical Apex One Vulnerabilities

Japanese cybersecurity software firm Trend Micro recently released patches for two critical vulnerabilities in its Apex One platform. These vulnerabilities could allow attackers to execute remote code on vulnerable Windows systems.

Apex One is a robust endpoint security platform designed to detect and respond to various security threats, including malware, spyware, malicious tools, and vulnerabilities.

The first critical vulnerability, identified as CVE-2025-71210, is a path traversal weakness found in the Trend Micro Apex One management console. This flaw enables attackers without privileges to execute malicious code on unpatched systems.

The second critical vulnerability, known as CVE-2025-71211, is another path traversal issue within the Apex One management console. While similar to CVE-2025-71210, this vulnerability affects a different executable.

Trend Micro emphasized in a security advisory that successful exploitation of these vulnerabilities requires access to the Trend Micro Apex One Management Console. Customers with externally exposed console IP addresses should consider implementing mitigating factors like source restrictions if not already in place.

Trend Micro strongly advises customers to update to the latest builds promptly to address these critical security flaws. The company has patched the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136, which also addresses two high-severity privilege escalation vulnerabilities in the Windows agent and four vulnerabilities affecting the macOS agent.

Although Trend Micro has not reported any exploitation of these vulnerabilities in the wild, threat actors have previously targeted Apex One in attacks. Customers were previously urged to patch an actively exploited Apex One RCE vulnerability (CVE-2025-54948) in August 2025, as well as two other zero-day vulnerabilities in September 2022 (CVE-2022-40139) and September 2023 (CVE-2023-41179).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is actively monitoring 10 Trend Micro Apex vulnerabilities that have either been exploited or are currently being targeted by threat actors.
