#VU123217 Path traversal in Apex One - CVE-2025-71211
Published: February 24, 2026 / Updated: March 4, 2026
Vulnerability identifier: #VU123217
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2025-71211
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apex One
Apex One
Software vendor:
Trend Micro
Trend Micro
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Trend Micro Apex One management console. A remote non-authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Remediation
Install updates from vendor's website.