CVE-2025-71211: CWE-22: Improper Limitation of a Pathname to a Restricted Directory in Trend Micro, Inc. TrendAI Apex One
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
AI Analysis
Technical Summary
This vulnerability in Trend Micro Apex One management console allows remote attackers to perform directory traversal (CWE-22) to upload and execute malicious code. It is similar in scope to CVE-2025-71210 but affects a different executable component. The CVSS 3.1 base score is 9.8 (critical), reflecting network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability was responsibly disclosed via the Zero Day Initiative. SaaS deployments are already mitigated, but on-premises customers with exposed management consoles should apply network-level restrictions.
Potential Impact
Successful exploitation can lead to full compromise of the affected Trend Micro Apex One management console, allowing remote code execution with high impact on confidentiality, integrity, and availability. This could enable attackers to control the security management infrastructure. However, exploitation requires access to the management console interface, which is typically restricted internally. No known exploits are reported in the wild at this time.
Mitigation Recommendations
No official patch or remediation level has been published yet for on-premises versions. Customers should restrict access to the Apex One management console by limiting IP exposure and applying source IP restrictions if the console is externally accessible. SaaS customers are already protected and require no action. Monitor vendor advisories for updates on official fixes.
CVE-2025-71211: CWE-22: Improper Limitation of a Pathname to a Restricted Directory in Trend Micro, Inc. TrendAI Apex One
Description
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required. For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Trend Micro Apex One management console allows remote attackers to perform directory traversal (CWE-22) to upload and execute malicious code. It is similar in scope to CVE-2025-71210 but affects a different executable component. The CVSS 3.1 base score is 9.8 (critical), reflecting network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability was responsibly disclosed via the Zero Day Initiative. SaaS deployments are already mitigated, but on-premises customers with exposed management consoles should apply network-level restrictions.
Potential Impact
Successful exploitation can lead to full compromise of the affected Trend Micro Apex One management console, allowing remote code execution with high impact on confidentiality, integrity, and availability. This could enable attackers to control the security management infrastructure. However, exploitation requires access to the management console interface, which is typically restricted internally. No known exploits are reported in the wild at this time.
Mitigation Recommendations
No official patch or remediation level has been published yet for on-premises versions. Customers should restrict access to the Apex One management console by limiting IP exposure and applying source IP restrictions if the console is externally accessible. SaaS customers are already protected and require no action. Monitor vendor advisories for updates on official fixes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- trendmicro
- Date Reserved
- 2026-02-11T16:33:44.102Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0f0c4a7b8e1438d0055961
Added to database: 5/21/2026, 1:44:42 PM
Last enriched: 5/21/2026, 2:01:20 PM
Last updated: 5/21/2026, 5:28:38 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.