CVE-2025-71217
Analyzed Analyzed - Analysis Complete
Privilege Escalation in Trend Micro Apex One macOS Agent

Publication date: 2026-05-21

Last updated on: 2026-06-05

Assigner: Trend Micro, Inc.

Description
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-06-05
Generated
2026-06-15
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-14
NVD
CVE-2025-71217
EUVD
EUVD-2025-209915
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trendmicro apex_one *
trendmicro apex_one *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a local privilege escalation issue in the Trend Micro Apex One Security Agent for macOS. It arises from an origin validation error in the agent's self-protection mechanism, specifically in the TmSelfProtect component. Because of insufficient validation of command origins, an attacker who already has the ability to run low-privileged code on the system can exploit this flaw to escalate their privileges to root and execute arbitrary code.

Impact Analysis

If exploited, this vulnerability allows a local attacker to gain root-level privileges on the affected system. This means the attacker can execute arbitrary code with the highest level of permissions, potentially leading to full system compromise, unauthorized access to sensitive data, and the ability to bypass security controls.

Mitigation Strategies

To mitigate this vulnerability, you should apply the updates released by Trend Micro that address this issue.

The vulnerability was fixed via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). Ensuring your Trend Micro Apex One agent is updated to these versions or later will protect against this local privilege escalation flaw.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart