AI description
CVE-2025-71211 is a path traversal vulnerability found in the Trend Micro Apex One management console. This flaw could enable a remote attacker to upload malicious code and execute commands on affected installations. The vulnerability is similar in scope to CVE-2025-71210 but impacts a different executable within the Apex One platform. Exploitation of CVE-2025-71211 requires an attacker to have access to the Trend Micro Apex One Management Console.
- Description
- A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
- Source
- security@trendmicro.com
- NVD status
- Analyzed
- Products
- apex_one
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@trendmicro.com
- CWE-22
- Hype score
- Not currently trending
⚠️ Vulnerabilidades en productos Trend Micro ❗ CVE-2025-71212 ❗ CVE-2025-71211 ❗ CVE-2025-71210 ➡️ Más info: https://t.co/QpCBUSZKbU https://t.co/zth4dfDLU6
@CERTpy
3 Mar 2026
146 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【リンク集:2月26日〜27日のセキュリティ関連ニュース/記事】 <脆弱性> ・Juniper NetworksのPTXシリーズに重大な脆弱性、ルーターの完全な乗っ取りが可能に(CVE-2026-21902) https://t.co/fJowvjbogd ・トレンドマイ
@MachinaRecord
27 Feb 2026
202 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Trend Micro patches critical Apex One RCE bugs (CVE-2025-71210/71211) — update now Trend Micro fixed two critical directory-traversal RCE flaws in Apex One’s management console (CVE-2025-71210 and CVE-2025-71211, both CVSS 9.8) that could enable malicious code execution
@ThreatSynop
26 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
トレンドマイクロのApex Oneで複数の重大(Critical)な脆弱性が修正。CVE-2025-71210とCVE-2025-71211はCVSSスコア9.8で、コンソールディレクトリトラバーサルからの遠隔コード実行。SaaS版は既に緩和済み(脆弱ではなかっ
@__kokumoto
26 Feb 2026
2382 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
1 Quote
🚨🚨🚨 『A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands』 CVE-2025-71210、CVE-2025-71211 SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026 https://t.co/Y37nFoXlzW
@autumn_good_35
25 Feb 2026
1135 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
2 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "739767A5-60D4-47F4-8C64-4D467B577EA1",
"versionEndExcluding": "14.0.0.14136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"matchCriteriaId": "E2FF211F-6A51-4E98-83A1-AC18122E2473",
"versionEndExcluding": "14.0.20315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]