{"id":217925,"date":"2026-02-26T12:58:00","date_gmt":"2026-02-26T17:58:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/26\/trend-micro-warns-of-critical-apex-one-code-execution-flaws\/"},"modified":"2026-02-27T01:05:14","modified_gmt":"2026-02-27T06:05:14","slug":"trend-micro-warns-of-critical-apex-one-code-execution-flaws","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/26\/trend-micro-warns-of-critical-apex-one-code-execution-flaws\/","title":{"rendered":"Trend Micro warns of critical Apex One code execution flaws"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities\/\">Trend Micro warns of critical Apex One code execution flaws<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-26 12:58:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>Japanese cybersecurity software firm Trend Micro has patched two critical Apex One vulnerabilities\u00a0that allow attackers to gain remote code execution (RCE) on vulnerable\u00a0Windows systems.<\/p>\n<p>Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities.<\/p>\n<p>The first critical Apex One security flaw patched this week (CVE-2025-71210) is due to a path traversal weakness in the Trend Micro Apex One management console, allowing attackers without privileges to execute malicious code on unpatched systems.<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/w\/ai-security-board-report-template.jpg\" alt=\"Wiz\" style=\"margin-top: 0px;\"\/><\/p>\n<p>The second, tracked as CVE-2025-71211, is another Apex One management console path traversal vulnerability, similar in scope to CVE-2025-71210 but affecting a different executable.<\/p>\n<p>As Trend Micro explained in a Tuesday security advisory, successful exploitation requires attackers to &#8220;have access to the Trend Micro Apex One Management Console, so customers that have their console&#8217;s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.&#8221;<\/p>\n<p>&#8220;Even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible,&#8221; it warned.<\/p>\n<p>To address these critical security flaws, Trend Micro has patched the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136, which also fixes two high-severity privilege escalation flaws in the Windows agent and four more affecting the macOS agent.<\/p>\n<p>While Trend Micro has not flagged these vulnerabilities as exploited in the wild, threat actors have abused other Apex One in attacks over the last several years.<\/p>\n<p>For instance, Trend Micro warned customers to patch an actively exploited Apex One RCE vulnerability (CVE-2025-54948) in August 2025, and addressed two other Apex One zero-days exploited in the wild in September 2022 (CVE-2022-40139) and in&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trend Micro warns of critical Apex One code execution flaws https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities\/ Publish Date: 2026-02-26 12:58:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":217926,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/01\/09\/Trend_Micro.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,32,27],"class_list":["post-217925","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217925"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=217925"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217925\/revisions"}],"predecessor-version":[{"id":217927,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217925\/revisions\/217927"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/217926"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=217925"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=217925"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=217925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}