Trend Micro fixes two critical flaws in Apex One
Trend Micro fixes two critical flaws in Apex One
https://securityaffairs.com/188572/security/trend-micro-fixes-two-critical-flaws-in-apex-one.html
Publish Date: 2026-02-26 16:44:00
Source Domain: securityaffairs.com
Trend Micro fixes two critical flaws in Apex One
Pierluigi Paganini
February 26, 2026
Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates.
Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the patches promptly to prevent potential exploitation and protect their environments from compromise.
Trend Micro Apex One is an all-in-one advanced endpoint security solution. It provides ransomware protection, zero-day threat defense, EDR, predictive machine learning, DLP, and virtual patching via a single agent.
The first vulnerability addressed by the security firm is a Console Directory Traversal Remote Code Execution issue tracked as CVE-2025-71210 (CVSS score of 9.8).
“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.” reads the advisory. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”
The second vulnerability fixed by the company is a Console Directory Traversal Remote Code Execution issue, tracked as CVE-2025-71211 (CVSS score of 9.8). The report states that the vulnerability is similar in scope to CVE-2025-71210 but impacts a different executable.
“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects…
