Description
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.

Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action is required.

For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
Published: 2026-05-21
Score: 9.8 Critical
EPSS: 3.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw enables a remote attacker who can reach the Trend Micro Apex One management console to upload malicious code without any file‑type or size restrictions. Based on the description, it is inferred that the upload mechanism bypasses normal file validation and allows a path traversal style write, which is consistent with CWE‑22. Once the attacker succeeds in uploading the payload, the console will execute it with the privileges of the service process, granting the attacker full control over the host and compromising confidentiality, integrity, and availability of the protected environment.

Affected Systems

Trend Micro Apex One on‑premises version 14.0.0.14136 and the Apex One as a Service product version 14.0.0.20315 are affected. The SaaS instance has already been mitigated, so service customers require no action. On‑premises installations remain exposed if the console’s IP address is reachable from the public internet.

Risk and Exploitability

The CVSS score of 9.8 classifies this as a critical vulnerability. The EPSS score of 4% indicates a moderate likelihood of exploitation, although it is not listed in the CISA KEV catalog, suggesting no widespread active exploitation yet. The attacker must have network reach to the Management Console; the likely attack vector is a remote exploit via an externally exposed console. Source restrictions or VPN isolation are effective mitigations to reduce the attack surface and lower the risk of successful exploitation.

Generated by OpenCVE AI on June 18, 2026 at 04:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply network‑level restrictions so that only trusted IP ranges or VPN endpoints can reach the Apex One Management Console.
  • Configure a firewall or reverse proxy to block public access to the console port and enforce strict authentication.
  • If a vendor‑provided fix for the on‑premises product becomes available, apply it immediately; otherwise keep the console isolated until an update is released.
  • If you are using the SaaS version, no action is required; stay in contact with Trend Micro for future updates.



Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unrestricted File Upload in Trend Micro Apex One Management Console

Tue, 16 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unrestricted File Upload in Trend Micro Apex One Management Console

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Trendmicro apex One
CPEs cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*
cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*
Vendors & Products Trendmicro apex One

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unrestricted File Upload in Trend Micro Apex One Management Console

Thu, 21 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action is required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
First Time appeared Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
Weaknesses CWE-22
CPEs cpe:2.3:a:trendmicro:apexone_op:14.0.0.14136:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20315:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:10:17.269Z

Reserved: 2026-02-11T16:33:44.101Z

Link: CVE-2025-71210

Vulnrichment

Updated: 2026-05-21T14:10:13.728Z

NVD

Status: Analyzed

Published: 2026-05-21T14:16:43.540

Modified: 2026-06-17T10:03:52.977

Link: CVE-2025-71210

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T04:15:15Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')