TrendAI, the new name of Trend Micro’s enterprise business, on Wednesday announced patches for several critical and high-severity vulnerabilities found in the Windows and macOS versions of the Apex One endpoint security solution.
A total of eight vulnerabilities have been addressed, including two with a critical severity rating based on their CVSS scores.
The critical flaws both impact the Trend Micro Apex One management console and “could allow a remote attacker to upload malicious code and execute commands on affected installations”.
These security holes, tracked as CVE-2025-71210 and CVE-2025-71211, are similar in scope, but they impact different executables, the cybersecurity firm noted in its advisory.
The remaining vulnerabilities — all assigned a high severity rating — can be exploited by an attacker who already has access to the targeted system to escalate privileges.
The high-severity issues have been assigned the CVE identifiers CVE-2025-71212 through CVE-2025-71217.
“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,” TrendAI explained.
All of the vulnerabilities were reported to TrendAI through the Zero Day Initiative (ZDI). Patches are available for the on-premises versions; users of SaaS versions of Apex One do not need to take any action.
TrendAI is not aware of in-the-wild exploitation, but it’s not uncommon for threat actors to exploit vulnerabilities in Apex products.
CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes 10 CVEs associated with flaws affecting Apex products.
Attribution information is rarely made public, but some attacks have been linked to Chinese hackers.

