CVE-2025-71214 - Vulnerability Details

Description

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Published: 2026-05-21

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An origin validation error in the iCore service of Trend Micro Apex One for macOS enables a local attacker who can already execute low‑privileged code to obtain elevated privileges on the affected system. The flaw allows the attacker to send crafted requests that the service incorrectly accepts, causing operations to run with higher rights and bypass intended security boundaries. This permits the attacker to change system configuration, install malicious software, or further expand reach within the environment.

Affected Systems

Installations of Trend Micro Apex One (Mac) that include the iCore service are impacted. No explicit version ranges are published, but the issue was fixed in mid to late 2025 updates (SaaS 2507 and 2005 Yearly Release).

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS is not provided, suggesting no known public exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Because a local code‑execution capability is a prerequisite, the risk is confined to environments where non‑privileged users can run arbitrary code. Once that condition is met, the attacker can elevate privileges and potentially compromise the entire system.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Trend Micro, Inc.

TrendAI Apex One (Mac)

affected

Version	Status	Constraints
`NA`	affected	< NA

No data.

Vendor Product Confidence Versions

Trendmicro

Apexone Op

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Trend Micro Apex One update that includes the fix (SaaS 2507 & 2005 Yearly Release).
If an immediate update is not feasible, disable or restrict the iCore service to eliminate the privilege‑escalation path from local users.
Enforce strict least‑privilege policies so that no user can execute low‑privileged code that could trigger the flaw.

Generated by OpenCVE AI on May 21, 2026 at 18:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://success.trendmicro.com/en-US/solution/KA-0022458
https://www.zerodayinitiative.com/advisories/ZDI-26-139/

History

Fri, 22 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendmicro Trendmicro apexone Op
Vendors & Products		Trendmicro Trendmicro apexone Op

Thu, 21 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Title	Local Privilege Escalation via Origin Validation Error in Trend Micro Apex One (mac)
Weaknesses	CWE-264

Thu, 21 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-346
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 21 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Title		Local Privilege Escalation via Origin Validation Error in Trend Micro Apex One (mac)
Weaknesses		CWE-264

Thu, 21 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).
References		https://success.trendmicro.com/en-US/solution/KA-0022458 https://www.zerodayinitiative.com/advisories/ZDI-26-139/

Subscriptions

Trendmicro Apexone Op

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2026-05-21T13:02:30.024Z

Updated: 2026-05-22T03:55:41.422Z

Reserved: 2026-02-11T16:33:44.102Z

Link: CVE-2025-71214

Vulnrichment

Updated: 2026-05-21T14:02:33.274Z

NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:44.017

Modified: 2026-05-21T15:16:21.100

Link: CVE-2025-71214

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T12:38:42Z

Weaknesses

CWE-346

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object