Trend Micro has issued fixes for two critical remote code execution flaws in the Apex One management console, according to Security Affairs.Abusing the console directory traversal remote code execution bugs, tracked as CVE-2025-71211 and CVE-2025-71210, could allow attackers with access to the Apex One Management Console to upload and execute malicious code on affected Windows systems. While no active exploitation was reported, Trend Micro emphasized that externally exposed consoles are at higher risk: "For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied."Aside from releasing Critical Patch Build 14136 to address these RCEs, Trend Micro also moved to remediate the Windows agent flaws CVE-2025-71213 and CVE-2025-71212, which could allow local attackers to gain elevated privileges. SaaS Apex One versions were already mitigated. Customers are strongly urged to apply updates immediately to secure their environments against potential attacks.
Vulnerability Management, Patch/Configuration Management
Trend Micro patches critical Apex One bugs
Adobe Stock
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds