Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3141 articles · 171638 vulns · 37/41 feeds (7d)
← Back to list
9.8
CVE-2025-71210PATCHED
trend micro · apex one

CVE-2025-71210: A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code an

Description

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.

Affected Products

VendorProductVersions
trend microapex one2019 (14.0), SaaS

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
trend microapex onecert_advisory90%

References

  • https://success.trendmicro.com/en-US/solution/KA-0022458
  • https://www.zerodayinitiative.com/advisories/ZDI-26-136/

Related News (1 articles)

Tier B
BSI Advisories44d ago
[UPDATE] [hoch] Trend Micro Apex One: Mehrere Schwachstellen
→ No new info (linked only)
CVSS 3.19.8 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited❌ No
Patch available
14.0.0.1413614.0.20315
CWECWE-22
PublishedMay 21, 2026
Trending Score0
Source articles1
Independent1
Info Completeness0/14
Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2025-71213
CVE-2025-71213: An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on
HIGHCVE-2025-71215
CVE-2025-71215: A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification c
HIGHCVE-2025-71212
CVE-2025-71212: A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileg
HIGHCVE-2026-34930
CVE-2026-34930: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affe
MEDIUMCVE-2026-34926EXPKEV
CVE-2026-34926: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker t

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 21, 2026
Discovered by ZDM
May 21, 2026
Patch Available
May 21, 2026