CVE-2025-71213
Status: Undergoing Analysis - In Progress
Privilege Escalation in Trend Micro Apex One

Publication date: 2026-05-21

Last updated on: 2026-05-22

Assigner: Trend Micro, Inc.

Description
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Meta Information
Generated: 2026-06-10
AI Q&A: 2026-05-21
EPSS Evaluated: 2026-06-09
Affected Vendors & Products
Vendor: trendmicro; Product: apex_one; Version range: up to 14.0.20315 (exclusive)
Vendor: trendmicro; Product: apex_one; Version range: up to 14.0.0.14136 (exclusive)
CWE
CWE-346: The product does not properly verify that the source of data or communication is valid.
Executive Summary

CVE-2025-71213 is a vulnerability in Trend Micro Apex One caused by an origin validation error in the Apex One NT Listener service. This flaw allows a local attacker, who already has the ability to execute low-privileged code on the target system, to escalate their privileges. The vulnerability arises because the service does not properly validate the origin of commands, enabling attackers to execute arbitrary code with SYSTEM-level privileges.

Impact Analysis

This vulnerability can have a significant impact as it allows an attacker with limited access to escalate their privileges to SYSTEM level. This means the attacker could gain full control over the affected system, potentially leading to unauthorized access to sensitive data, modification or deletion of critical information, and disruption of system availability.

Detection Guidance

This vulnerability involves an origin validation error in the Apex One NT Listener service that allows local privilege escalation. Detection starts with confirming whether the Apex One NT Listener service is running on the host, then looking for low-privileged local processes that attempt to escalate privileges.

Since exploitation requires local code execution, monitoring for unusual local process behavior or privilege escalation attempts related to the Apex One service is recommended.

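Commands to check the status of the Apex One NT Listener service on a Windows system could include the following. Note that sc query matches on the service key name rather than the display name, so confirm the service name and the process image name against an installed agent before relying on the output:

  • sc query "Apex One NT Listener"
  • tasklist /FI "IMAGENAME eq ApexOneNTListener.exe"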

Additionally, reviewing event logs for privilege escalation attempts or suspicious local code execution related to Apex One may help detect exploitation attempts.

Mitigation Strategies

The immediate mitigation step is to apply the security update released by Trend Micro that addresses this vulnerability in Apex One.

Since exploitation requires prior local code execution, restricting local user permissions and monitoring for unauthorized code execution can reduce risk.

Additionally, ensure that the Apex One NT Listener service is running with the least privileges necessary and consider temporarily disabling or restricting access to this service if feasible until the patch is applied.

Compliance Impact

The vulnerability allows local attackers to escalate privileges and execute arbitrary code with SYSTEM privileges, which can lead to unauthorized access and potential compromise of sensitive data.

Such unauthorized access and potential data compromise could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of confidentiality, integrity, and availability of sensitive information.

However, the provided information does not explicitly detail the direct effects on compliance with these regulations.
