CVE-2025-71216 - Vulnerability Details

- Local Privilege Escalation via Trend Micro Apex One macOS Agent Cache Time‑Of‑Check/TID Vulnerability

Description

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Published: 2026-05-21

Score: 7.8 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A time‑of‑check time‑of‑use flaw in the Trend Micro Apex One agent cache mechanism on macOS allows an attacker who already has local, low‑privileged code execution to gain higher privileges on the device. This vulnerability arises from improper verification of cached data before it is used, enabling an elevated privilege state when exploited. The resulting privilege escalation could permit the attacker to perform system‑level actions such as modifying settings or installing software.

Affected Systems

Trend Micro Apex One for macOS (no specific version information available) is affected until the vendor releases an update. The flaw was addressed in mid to late 2025 with ActiveUpdate and SaaS updates (SaaS 2507 & 2005 Yearly Release); any installation that has not yet applied these updates remains vulnerable.

Risk and Exploitability

The flaw permits local privilege escalation; an attacker must first obtain low‑privileged code execution on the target system to exploit it. Once local code execution is achieved, it is inferred that the attacker could gain elevated privileges, allowing further system modifications. The EPSS score is not provided and the vulnerability is not listed in CISA's KEV catalog. The CVSS score of 7.8 classifies this flaw as high severity. Based on the description, the likelihood of immediate exploitation is uncertain, and the extent to which adversaries may develop payloads remains unconfirmed. Prompt updating mitigates the risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Trend Micro, Inc.

TrendAI Apex One (Mac)

affected

Version	Status	Constraints
`NA`	affected	< NA

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest ActiveUpdate or SaaS 2507 & 2005 Yearly Release updates for Trend Micro Apex One on macOS.
Verify that the agent cache is properly invalidated or refreshed before use, following CWE-367 guidelines.
Restrict local user accounts that can execute code, limiting the attack surface for low‑privileged code execution.
Monitor system logs for anomalous cache access or privilege escalation attempts.

Generated by OpenCVE AI on May 21, 2026 at 19:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://success.trendmicro.com/en-US/solution/KA-0022458
https://www.zerodayinitiative.com/advisories/ZDI-26-142/

History

Thu, 21 May 2026 20:00:00 +0000

Type	Values Removed	Values Added
Title		Local Privilege Escalation via Trend Micro Apex One macOS Agent Cache Time‑Of‑Check/TID Vulnerability

Thu, 21 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Title	Privilege Escalation via Cache Mechanism in Trend Micro Apex One (Mac)
Weaknesses	CWE-665

Thu, 21 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Cache Mechanism in Trend Micro Apex One (Mac)
Weaknesses		CWE-665

Thu, 21 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-367
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 21 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).
References		https://success.trendmicro.com/en-US/solution/KA-0022458 https://www.zerodayinitiative.com/advisories/ZDI-26-142/

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2026-05-21T13:02:52.196Z

Updated: 2026-05-21T13:58:40.131Z

Reserved: 2026-02-11T16:33:44.102Z

Link: CVE-2025-71216

Vulnrichment

Updated: 2026-05-21T13:55:25.038Z

NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:44.240

Modified: 2026-05-21T15:16:22.037

Link: CVE-2025-71216

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T19:45:17Z

Weaknesses

CWE-367

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object