Estafette
Compose Login
You are browsing eu.zone1 in read-only mode. Log in to participate.
rss-bridge 2026-02-26T21:35:51+00:00

Trend Micro fixes two critical flaws in Apex One

Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates. Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the […]

---

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

MUST READ

Canadian Tire 2025 data breach impacts 38 million users

Microsoft warns of RAT delivered through trojanized gaming utilities

Aeternum botnet hides commands in Polygon smart contracts

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Juniper issues emergency patch for critical PTX router RCE

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

12 Million exposed .env files reveal widespread security failures

ManoMano data breach impacted 38 Million customer accounts

Trend Micro fixes two critical flaws in Apex One

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Untrusted repositories turn Claude code into an attack vector

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

Lazarus APT group deployed Medusa Ransomware against Middle East target

SolarWinds patches four critical Serv-U flaws enabling root access

VMware Aria Operations flaws could enable remote attacks

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

- Home

- Security

- Trend Micro fixes two critical flaws in Apex One

Trend Micro fixes two critical flaws in Apex One

Pierluigi Paganini
February 26, 2026

Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates.

Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the patches promptly to prevent potential exploitation and protect their environments from compromise.

Trend Micro Apex One is an all-in-one advanced endpoint security solution. It provides ransomware protection, zero-day threat defense, EDR, predictive machine learning, DLP, and virtual patching via a single agent.

The first vulnerability addressed by the security firm is a Console Directory Traversal Remote Code Execution issue tracked as CVE-2025-71210 (CVSS score of 9.8).

“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.” reads the advisory. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”

The second vulnerability fixed by the company is a Console Directory Traversal Remote Code Execution issue, tracked as CVE-2025-71211 (CVSS score of 9.8). The report states that the vulnerability is similar in scope to CVE-2025-71210 but impacts a different executable.

“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable.” reads the report. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”

The researchers Jacky Hsieh and Charles Yang @ CoreCloud Tech reported both flaws through the TrendAI’s Zero Day Initiative. The SaaS versions have already been mitigated, and no customer action is required.

Trend Micro addressed the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136.

The company also fixes two high-severity privilege escalation flaws (CVE-2025-71212: Scan Engine Link Following Local Privilege Escalation Vulnerability, CVE-2025-71213: Origin Validation Error Local Privilege Escalation Vulnerability) in the Windows agent and four issues impacting the macOS agent.

The cybersecurity firm did not reveal if these vulnerabilities have been exploited in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Trend Micro)

---

---

Apex One
Hacking
hacking news

you might also like

Pierluigi Paganini
March 01, 2026

Read more

Pierluigi Paganini
February 28, 2026

Canadian Tire 2025 data breach impacts 38 million users

Read more

up-to-date!

recent articles

Security / March 01, 2026

Canadian Tire 2025 data breach impacts 38 million users

Data Breach / February 28, 2026

Microsoft warns of RAT delivered through trojanized gaming utilities

Malware / February 28, 2026

Aeternum botnet hides commands in Polygon smart contracts

Mobile / February 27, 2026

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Security / February 27, 2026

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

Manage consent

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT

---

[Original source](https://securityaffairs.com/188572/security/trend-micro-fixes-two-critical-flaws-in-apex-one.html)

Reply