Description
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable.

Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required.

For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
Published: 2026-05-21
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker who can reach the Trend Micro Apex One management console can upload arbitrary code and trigger its execution. The flaw is a path traversal and file upload vulnerability (CWE-22) that allows remote code execution, putting the console and any connected endpoints at risk.

Affected Systems

Affected vendors include Trend Micro, Inc., with the Apex One product line on‑premises (version 14.0.0.14136) and as a Service (version 14.0.0.20315). The SaaS deployment has been fixed by the vendor; on‑premises installations remain vulnerable unless the console’s IP address is protected through network restrictions.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8, signalling a critical risk. EPSS data is unavailable, but the lack of a public exploit does not lower the threat level. Attackers must have access to the Apex One management console; if the console’s IP is exposed externally, they can use the upload feature to launch arbitrary commands. The vulnerability is not currently listed in CISA’s KEV catalog, yet the combination of high CVSS and the required console access makes immediate mitigation advisable.

Generated by OpenCVE AI on May 21, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict inbound traffic to the Apex One Management Console to a trusted source range or VPN, preventing external exposure.
  • If the console is already exposed, apply firewall source restrictions to allow only known management IPs, blocking all others.
  • Place the console behind an internal or private network segment so it is not publicly routable.
  • Where available, upgrade to a patched release and apply any vendor patch for on‑premises Apex One; check Trend Micro advisories for updates.

Generated by OpenCVE AI on May 21, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Apex One Management Console

Thu, 21 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
First Time appeared Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
Weaknesses CWE-22
CPEs cpe:2.3:a:trendmicro:apexone_op:14.0.0.14136:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20315:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Trendmicro Apexone Op Apexone Saas
cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:09:53.718Z

Reserved: 2026-02-11T16:33:44.102Z

Link: CVE-2025-71211

cve-icon Vulnrichment

Updated: 2026-05-21T14:09:47.878Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:43.663

Modified: 2026-05-21T15:05:28.023

Link: CVE-2025-71211

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T12:30:27Z

Weaknesses