Description
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.

Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required.

For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
Published: 2026-05-21
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker that reaches the Trend Micro Apex One management console can upload arbitrary code and then execute system commands. The flaw bypasses normal file‑upload controls, allowing a path traversal style injection (CWE‑22). Successful exploitation would give the attacker full control over the host machine, compromising confidentiality, integrity, and availability of the protected environment.

Affected Systems

The vulnerability affects Trend Micro Apex One 14.0.0.14136 for on‑premises deployments and the Apex One as a Service product 14.0.0.20315. The SaaS instance has already been patched, so service carriers have no action to take, while on‑premises installations remain exposed.

Risk and Exploitability

The CVSS rating of 9.8 marks this flaw as critical. No EPSS score is published, but the vulnerability is not listed in the CISA KEV catalog, which suggests it is not actively exploited in the wild yet. However, the attacker must have network reach to the Management Console; if the console’s IP is exposed externally, the threat becomes immediate. Source restrictions or VPN isolation are effective mitigations to reduce attack surface.

Generated by OpenCVE AI on May 21, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply network‑level restrictions so that only trusted IP ranges or VPN endpoints can reach the Apex One Management Console.
  • Configure a firewall or reverse proxy to block public access to the console port and enforce strict authentication.
  • Ensure that the console is not exposed to the internet and that all credentials follow best‑practice policies.
  • If you are using the SaaS version, no action is required; stay in contact with Trend Micro for future updates.

Generated by OpenCVE AI on May 21, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unrestricted File Upload in Trend Micro Apex One Management Console

Thu, 21 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
First Time appeared Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
Weaknesses CWE-22
CPEs cpe:2.3:a:trendmicro:apexone_op:14.0.0.14136:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20315:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Trendmicro Apexone Op Apexone Saas
cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:10:17.269Z

Reserved: 2026-02-11T16:33:44.101Z

Link: CVE-2025-71210

cve-icon Vulnrichment

Updated: 2026-05-21T14:10:13.728Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:43.540

Modified: 2026-05-21T15:05:28.023

Link: CVE-2025-71210

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T16:15:14Z

Weaknesses