CVE-2025-71212
Link Following Vulnerability in Trend Micro Apex One Scan Engine
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trend_micro | apex_one | to 14136 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-71212 is a local privilege escalation vulnerability in the Trend Micro Apex One scan engine on Windows systems. It involves a link following weakness (symbolic link issue) that allows a local attacker, who already has the ability to execute low-privileged code, to escalate their privileges to a higher level, such as SYSTEM.
The vulnerability is tracked under CWE-59 and affects the Virus Scan Engine's VSApiNt.sys driver, enabling arbitrary file deletion and privilege escalation.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with limited access to escalate their privileges to SYSTEM level on the affected system. This means the attacker could execute arbitrary code with the highest privileges, potentially leading to full control over the system.
Such an escalation could result in unauthorized access, modification, or deletion of files, disruption of services, and compromise of sensitive data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2025-71212 vulnerability, you should immediately update the Trend Micro Apex One scan engine to the latest build, specifically Build 14136 or later, which contains the critical patch addressing this issue.
Since exploitation requires an attacker to already have low-privileged code execution on the system, it is also important to ensure that your systems are protected against initial code execution vulnerabilities and to monitor for suspicious activities.