CVE-2025-71211 – Trend Micro Apex One Critical Remote Code Execution Vulnerabilities
“Two critical console weaknesses could let attackers upload malicious files and take control of your server — this patch closes that gap.”
Trend Micro has released security updates for Apex One, addressing two critical path traversal vulnerabilities in the Apex One management console. Both issues carry a CVSS v3 score of 9.8 (Critical) and can lead to remote code execution (RCE) if exploited. Organizations running on-premises Apex One deployments should apply the update immediately.
CVE-2025-71210 — Critical (CVSS v3: 9.8)
This vulnerability is a path traversal issue in the Apex One management console. An attacker with access to the console could manipulate file paths to upload and execute arbitrary code on the underlying Windows system. Successful exploitation may result in full system compromise.
CVE-2025-71211 — Critical (CVSS v3: 9.8)
A second path traversal vulnerability exists in a separate Apex One component within the management console. Like the first issue, it enables attackers to upload malicious files and execute code remotely, potentially leading to complete control of the affected server.
Trend Micro confirmed patches are available in the latest updated builds of Apex One. While exploitation requires access to the management console, exposed or improperly secured console interfaces significantly increase risk. There were no public reports of active in-the-wild exploitation at the time of disclosure. Critical Patch Build 14136 fixes these issues.