- 47/2026
- Critical
Trend Micro has released security updates to address several vulnerabilities affecting Trend Micro Apex One version 2019 (On-prem), Apex One as a Service (SaaS), and Trend Vision One Endpoint – Standard Endpoint Protection (SaaS).
The addressed vulnerabilities could allow the attacker to gain elevated privileges, execute arbitrary code, and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Trend Micro Console Directory Traversal Remote Code Execution Vulnerability (CVE-2025-71210):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Trend Micro Agent Self Protection Origin Validation Error Local Privilege Escalation Vulnerability (CVE-2025-71217):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2025-71210
- CVE-2025-71211
- CVE-2025-71212
- CVE-2025-71213
- CVE-2025-71214
- CVE-2025-71215
- CVE-2025-71216
- CVE-2025-71217
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.