The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Apex One.
Technical Details
Trend Micro has identified and addressed two vulnerabilities in Apex One security endpoint that allow attackers to achieve remote code execution on vulnerable Windows systems.
The CVE-2025-71210 is a path traversal vulnerability in the Trend Micro Apex One management console that allows attackers without the correct privileges to run code for malicious purposes on unpatched systems.
Trend Micro has already addressed this vulnerability along with one more vulnerability in the SaaS Apex One versions and made available the “Critical Patch Build 14136” which fixes two high-severity privilege escalation vulnerabilities in the Windows agents as well as the macOS agents.
Recommendations
The Digital Security Authority recommends applying the latest patch from Trend Micro in all your systems.
References
The information presented in this report is based on available data up to the 03rd of March 2026.