[Vulnerability Alert] High-Risk Security Vulnerabilities Found in Trend Micro Apex One Management Console (CVE-2025-71210 and CVE-2025-71211), Please Confirm and Patch Immediately

• Subject Explanation: [Vulnerability Alert] High-Risk Security Vulnerabilities Found in Trend Micro Apex One Management Console (CVE-2025-71210 and CVE-2025-71211), Please Confirm and Patch Immediately

• Content Description:
  • Forwarding National Information Security Analysis and Sharing Center (NISAC) Alert NISAC-200-202603-00000002
  • Researchers have discovered Path Traversal vulnerabilities (CVE-2025-71210 and CVE-2025-71211) in the Trend Micro Apex One management console. When the management console service of the affected product is accessible, an unauthenticated remote attacker could exploit these vulnerabilities to upload malicious files and execute arbitrary code. Please confirm and patch immediately.
• Impacted Platforms:
  • Trend Micro Apex One 2019 (On-prem) versions
• Suggested Measures:
  • The official vendor has released a repair update for the vulnerabilities; please refer to the official instructions to update. The URL is as follows: https://success.trendmicro.com/en-US/solution/KA-0022458
• References:
  1. https://www.zerodayinitiative.com/advisories/ZDI-26-136/
  2. https://www.zerodayinitiative.com/advisories/ZDI-26-137/
  3. https://success.trendmicro.com/en-US/solution/KA-0022458

Computer and Communication Center
Network Systems Division