Trend Micro Apex One management console path traversal RCE (CVE-2025-71210)
Vulnerability
Summary
Hide ▲
Show ▼
Trend Micro's Apex One management console flaw CVE-2025-71210 can let attackers without privileges run malicious code on unpatched Windows systems, making it a critical remote code execution risk. The weakness is a path traversal bug in the console component. Trend Micro has already issued fixes, but externally exposed consoles remain the most concerning target until updates are applied.
Timeline
-
26.02.2026 19:58 2 articles · 3mo ago
Trend Micro patches Apex One management console RCE flaws
Mitigation Patch UpdateTrend Micro patched two critical Apex One management console path traversal vulnerabilities, CVE-2025-71210 and CVE-2025-71211, that can allow attackers with console access to execute malicious code on vulnerable Windows systems. The company also released Critical Patch Build 14136 for SaaS Apex One versions, addressed related high-severity privilege escalation flaws in the Windows and macOS agents, and urged customers to update to the latest builds and restrict externally exposed console access.
Show sources
- Trend Micro warns of critical Apex One code execution flaws — www.bleepingcomputer.com — 26.02.2026 19:58
- Trend Micro warns of critical Apex One code execution flaws — www.bleepingcomputer.com — 26.02.2026 19:58