
The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a critical vulnerability note for Trend Micro Apex One, warning users about multiple security flaws that could expose systems to remote attacks and privilege escalation.
According to CERT-In Vulnerability Note CIVN-2026-0111, the vulnerabilities affect Apex One 2019 (on-premises and SaaS), Trend Micro Apex One (macOS), and Trend Vision One Endpoint – Standard Endpoint Protection (SaaS). The advisory was originally issued on February 27, 2026, and carries a “Critical” severity rating.
What is the issue?
CERT-In said multiple vulnerabilities have been identified in Trend Micro Apex One components, including the management console, scan engine, and macOS agent.
One of the major flaws involves directory traversal vulnerabilities in the Apex One Management Console. These could allow a remote attacker to upload malicious files and execute arbitrary commands on affected installations. The advisory references CVE-2025-71210 and CVE-2025-71211 in this category.
In addition, multiple local privilege escalation vulnerabilities have been reported in the Apex One Scan Engine (CVE-2025-71212 and CVE-2025-71213). These issues could allow a locally authenticated attacker to gain elevated privileges on the system.
Another local privilege escalation vulnerability (CVE-2025-71214) affects the macOS Agent iCore service due to improper origin validation.
What Trend Micro has to say
In a statement shared with Moneycontrol, Trend Micro made it clear that the vulnerabilities were disclosed to customers: "The recent advisory issued by CERT-In relates to vulnerabilities in Trend Micro Apex One that were disclosed as part of our proactive and mandatory transparency process to keep customers informed and it is not in response to any security incident." The company also said that there was no impact on customers: "Patches and mitigation guidance have already been released to customers. Ongoing monitoring confirms our internal environments and customer deployments remain secure, with no reported customer impact."
Who is at risk?
The advisory is targeted at IT administrators, Security Operations Center (SOC) teams, cybersecurity analysts, system engineers, and executive management, including CISOs and IT leadership. CERT-In has warned that the risk includes service interruption and unauthorised access, with potential impact on the confidentiality, integrity, and availability of affected systems.