CVE-2025-71212
Undergoing Analysis Undergoing Analysis - In Progress
Link Following Vulnerability in Trend Micro Apex One Scan Engine

Publication date: 2026-05-21

Last updated on: 2026-05-22

Assigner: Trend Micro, Inc.

Description
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-22
Generated
2026-06-17
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-16
NVD
CVE-2025-71212
EUVD
EUVD-2025-209914
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trendmicro apex_one to 14.0.20315 (exc)
trendmicro apex_one to 14.0.0.14136 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-71212 is a local privilege escalation vulnerability in the Trend Micro Apex One scan engine on Windows systems. It involves a link following weakness (symbolic link issue) that allows a local attacker, who already has the ability to execute low-privileged code, to escalate their privileges to a higher level, such as SYSTEM.

The vulnerability is tracked under CWE-59 and affects the Virus Scan Engine's VSApiNt.sys driver, enabling arbitrary file deletion and privilege escalation.

Impact Analysis

This vulnerability can allow an attacker with limited access to escalate their privileges to SYSTEM level on the affected system. This means the attacker could execute arbitrary code with the highest privileges, potentially leading to full control over the system.

Such an escalation could result in unauthorized access, modification, or deletion of files, disruption of services, and compromise of sensitive data.

Mitigation Strategies

To mitigate the CVE-2025-71212 vulnerability, you should immediately update the Trend Micro Apex One scan engine to the latest build, specifically Build 14136 or later, which contains the critical patch addressing this issue.

Since exploitation requires an attacker to already have low-privileged code execution on the system, it is also important to ensure that your systems are protected against initial code execution vulnerabilities and to monitor for suspicious activities.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71212. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart