Ddos 
Network defenders using Trend Micro Apex One need to prioritize their patching schedules this week. TrendAl has officially released a Critical Patch (CP) for Trend Micro Apex One, alongside informational updates for Apex One (Mac), addressing several serious vulnerabilities.
The most severe issues patched in this bulletin are CVE-2025-71210 and CVE-2025-71211. Both are Console Directory Traversal vulnerabilities carrying a critical CVSSv3 score of 9.8. These flaws “could allow a remote attacker to upload malicious code and execute commands on affected installations”.
To exploit these flaws, “an attacker must have access to the Trend Micro Apex One Management Console”. If you are running the SaaS versions of the product, you are already protected, as they “have already been mitigated and no customer action required”.
The Windows update also addresses two High-severity (CVSS 7.8) Local Privilege Escalation vulnerabilities: CVE-2025-71212 and CVE-2025-71213.
To pull these off, “an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability”. The Critical Patch also includes enhancements to improve protections against older vulnerabilities, specifically CVE-2025-54987 and CVE-2025-54948.
For organizations using Apex One (Mac), the bulletin provides informational details on four vulnerabilities (CVE-2025-71214 through CVE-2025-71217). You don’t need to scramble to patch these today, as they were “addressed already via ActiveUpdate/SaaS updates in mid to late 2025”.
Trend Micro strongly urges customers to apply the following updates to secure their environments:
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
