好,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,抓住关键点。 文章主要讲的是Trend Micro修复了Apex One中的两个严重漏洞,这两个漏洞可能导致远程代码执行。CVSS评分都是9.8,说明风险很高。漏洞的编号是CVE-2025-71210和CVE-2025-71211。 接下来,文章提到这两个漏洞都涉及管理控制台的目录遍历问题。攻击者需要访问管理控制台才能利用这些漏洞。Trend Micro已经发布了补丁,并建议用户尽快更新。 另外,还有其他几个高危漏洞被修复,包括两个本地权限提升漏洞和四个影响macOS的问题。但目前没有迹象表明这些漏洞已经被利用。 用户的要求是用中文总结,不超过100字,不需要特定开头。所以我要把重点放在修复的两个关键漏洞、CVSS评分、影响范围以及建议更新上。 最后,确保语言简洁明了,信息完整。 </think> Trend Micro修复了Apex One中的两个严重漏洞(CVE-2025-71210和CVE-2025-71211),这些漏洞可能导致远程代码执行。CVSS评分为9.8,影响Windows系统。公司已发布补丁并敦促用户立即更新以防止攻击。 2026-2-26 21:35:51 Author: securityaffairs.com(查看原文) 阅读量:12 收藏
Trend Micro fixes two critical flaws in Apex One
Pierluigi Paganini
February 26, 2026
Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates.
Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the patches promptly to prevent potential exploitation and protect their environments from compromise.
Trend Micro Apex One is an all-in-one advanced endpoint security solution. It provides ransomware protection, zero-day threat defense, EDR, predictive machine learning, DLP, and virtual patching via a single agent.
The first vulnerability addressed by the security firm is a Console Directory Traversal Remote Code Execution issue tracked as CVE-2025-71210 (CVSS score of 9.8).
“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.” reads the advisory. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”
The second vulnerability fixed by the company is a Console Directory Traversal Remote Code Execution issue, tracked as CVE-2025-71211 (CVSS score of 9.8). The report states that the vulnerability is similar in scope to CVE-2025-71210 but impacts a different executable.
“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable.” reads the report. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”
The researchers Jacky Hsieh and Charles Yang @ CoreCloud Tech reported both flaws through the TrendAI’s Zero Day Initiative. The SaaS versions have already been mitigated, and no customer action is required.
Trend Micro addressed the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136.
The company also fixes two high-severity privilege escalation flaws (CVE-2025-71212: Scan Engine Link Following Local Privilege Escalation Vulnerability, CVE-2025-71213: Origin Validation Error Local Privilege Escalation Vulnerability) in the Windows agent and four issues impacting the macOS agent.
The cybersecurity firm did not reveal if these vulnerabilities have been exploited in attacks in the wild.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Trend Micro)
如有侵权请联系:admin#unsafe.sh