Description
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2026-05-21
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Apex One scan engine allows a local attacker who already has low‑privileged execution to follow a malicious link that exploits improper pathname restrictions (CWE‑59), resulting in privilege escalation. Once elevated, the attacker could execute arbitrary code or gain persistent higher rights on the affected system.

Affected Systems

Trend Micro Apex One and Trend Micro Apex One as a Service installations are impacted, specifically versions 14.0.0.14136 and 14.0.0.20315 respectively. These deployments remain susceptible until updated to a patched release.

Risk and Exploitability

The CVSS score of 7.8 reflects a high‑severity vulnerability; the EPSS score is unavailable and the flaw is not listed in the CISA KEV catalog. Exploitation requires local code execution as a prerequisite, so the risk is confined to environments where an attacker has already breached through other means. Without that initial foothold, the likelihood of exploitation is limited.

Generated by OpenCVE AI on May 21, 2026 at 14:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update from Trend Micro that addresses the link‑following flaw in Apex One 14.0.0.14136 and Apex One as a Service 14.0.0.20315.
  • Restrict Apex One service accounts to the minimum privileges required to limit damage from any local code execution.
  • Disable or tightly monitor link‑following features in the scan engine, and enforce network segmentation around endpoints to contain potential lateral movement.

Generated by OpenCVE AI on May 21, 2026 at 14:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Link Following Vulnerability in Trend Micro Apex One

Thu, 21 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
First Time appeared Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
Weaknesses CWE-59
CPEs cpe:2.3:a:trendmicro:apexone_op:14.0.0.14136:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20315:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Op
Trendmicro apexone Saas
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Trendmicro Apexone Op Apexone Saas
cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2026-05-21T14:09:07.478Z

Reserved: 2026-02-11T16:33:44.102Z

Link: CVE-2025-71212

cve-icon Vulnrichment

Updated: 2026-05-21T14:09:03.595Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:43.777

Modified: 2026-05-21T15:05:28.023

Link: CVE-2025-71212

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T14:45:12Z

Weaknesses