CVE-2025-71217 - Vulnerability Details

Description

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Published: 2026-05-21

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An origin validation error in the self‑protection mechanism of Trend Micro Apex One for Mac can give a local attacker the ability to elevate privileges. The flaw causes the agent to fail to verify the source of an operation, allowing code that is initially run with low privileges to acquire higher authority. If successful, an attacker could gain full control of the machine, but the vulnerability requires local code execution as a prerequisite.

Affected Systems

Trend Micro Apex One for Mac on macOS is affected. No specific product version is listed in the advisory; installations that have not received the mid‑late 2025 updates (SaaS 2507 or the 2005 Yearly Release) remain vulnerable.

Risk and Exploitability

The CVSS score of 7.8 signals high severity, yet the exploitability is constrained to local attackers who can already run code on the target. EPSS data is not available and the vulnerability is not in CISA KEV, indicating no known widespread exploitation. Nonetheless, if an attacker can introduce low‑privileged code, the local privilege escalation could be leveraged for broader damage.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Trend Micro, Inc.

TrendAI Apex One (Mac)

affected

Version	Status	Constraints
`NA`	affected	< NA

No data.

Vendor Product Confidence Versions

Trendmicro

Apexone Op

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest Trend Micro Apex One for Mac updates, specifically the SaaS 2507 or 2005 Yearly Release patches that resolve the origin validation flaw.
Enforce least privilege for local user accounts and restrict the ability to execute unsigned or unfamiliar binaries.
Deploy application whitelisting or a layered defense strategy to block unauthorized local code execution until the official patch is applied.

Generated by OpenCVE AI on May 21, 2026 at 17:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://success.trendmicro.com/en-US/solution/KA-0022458
https://www.zerodayinitiative.com/advisories/ZDI-26-143/

History

Fri, 22 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendmicro Trendmicro apexone Op
Vendors & Products		Trendmicro Trendmicro apexone Op

Thu, 21 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Title	Origin Validation Error in Trend Micro Apex One Mac Exploitable for Local Privilege Escalation

Thu, 21 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20 CWE-284

Thu, 21 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Title		Origin Validation Error in Trend Micro Apex One Mac Exploitable for Local Privilege Escalation
Weaknesses		CWE-20 CWE-284

Thu, 21 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-346
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 21 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).
References		https://success.trendmicro.com/en-US/solution/KA-0022458 https://www.zerodayinitiative.com/advisories/ZDI-26-143/

Subscriptions

Trendmicro Apexone Op

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2026-05-21T13:03:01.793Z

Updated: 2026-05-21T13:53:32.056Z

Reserved: 2026-02-11T16:33:44.102Z

Link: CVE-2025-71217

Vulnrichment

Updated: 2026-05-21T13:53:03.658Z

NVD

Status : Undergoing Analysis

Published: 2026-05-21T14:16:44.350

Modified: 2026-05-21T15:16:22.223

Link: CVE-2025-71217

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T12:38:38Z

Weaknesses

CWE-346

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object