{"api_version":"1","generated_at":"2026-06-02T17:42:01+00:00","cve":"CVE-2025-71210","urls":{"html":"https://cve.report/CVE-2025-71210","api":"https://cve.report/api/cve/CVE-2025-71210.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-71210","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-71210"},"summary":{"title":"CVE-2025-71210","description":"A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.\r\n\r\nPlease note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required.\r\n\r\nFor this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.","state":"PUBLISHED","assigner":"trendmicro","published_at":"2026-05-21 14:16:43","updated_at":"2026-05-21 15:05:28"},"problem_types":["CWE-22","CWE-22 CWE-22: Improper Limitation of a Pathname to a Restricted Directory"],"metrics":[{"version":"3.1","source":"security@trendmicro.com","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0022458","name":"https://success.trendmicro.com/en-US/solution/KA-0022458","refsource":"security@trendmicro.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-136/","name":"https://www.zerodayinitiative.com/advisories/ZDI-26-136/","refsource":"security@trendmicro.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-71210","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71210","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Trend Micro, Inc.","product":"TrendAI Apex One","version":"affected 2019 (14.0) 14.0.0.14136 semver","platforms":[]},{"source":"CNA","vendor":"Trend Micro, Inc.","product":"TrendAI Apex One as a Service","version":"affected SaaS 14.0.20315 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"71210","cve":"CVE-2025-71210","epss":"0.005520000","percentile":"0.682920000","score_date":"2026-05-28","updated_at":"2026-05-29 00:13:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-71210","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-21T14:10:09.359975Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-21T14:10:17.269Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:trendmicro:apexone_op:14.0.0.14136:*:*:*:*:*:*:*"],"product":"TrendAI Apex One","vendor":"Trend Micro, Inc.","versions":[{"lessThan":"14.0.0.14136","status":"affected","version":"2019 (14.0)","versionType":"semver"}]},{"cpes":["cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20315:*:*:*:*:*:*:*"],"product":"TrendAI Apex One as a Service","vendor":"Trend Micro, Inc.","versions":[{"lessThan":"14.0.20315","status":"affected","version":"SaaS","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.\r\n\r\nPlease note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required.\r\n\r\nFor this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory","lang":"en-US","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-21T13:01:53.937Z","orgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","shortName":"trendmicro"},"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0022458"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-136/"}]}},"cveMetadata":{"assignerOrgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","assignerShortName":"trendmicro","cveId":"CVE-2025-71210","datePublished":"2026-05-21T13:01:53.937Z","dateReserved":"2026-02-11T16:33:44.101Z","dateUpdated":"2026-05-21T14:10:17.269Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-21 14:16:43","lastModifiedDate":"2026-05-21 15:05:28","problem_types":["CWE-22","CWE-22 CWE-22: Improper Limitation of a Pathname to a Restricted Directory"],"metrics":{"cvssMetricV31":[{"source":"security@trendmicro.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"71210","Ordinal":"1","Title":"CVE-2025-71210","CVE":"CVE-2025-71210","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"71210","Ordinal":"1","NoteData":"A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.\r\n\r\nPlease note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required.\r\n\r\nFor this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.","Type":"Description","Title":"CVE-2025-71210"}]}}}