CVE-2025-71217
Privilege Escalation in Trend Micro Apex One macOS Agent
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trend_micro | apex_one | to 2025 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in the Trend Micro Apex One Security Agent for macOS. It arises from an origin validation error in the agent's self-protection mechanism, specifically in the TmSelfProtect component. Because of insufficient validation of command origins, an attacker who already has the ability to run low-privileged code on the system can exploit this flaw to escalate their privileges to root and execute arbitrary code.
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to gain root-level privileges on the affected system. This means the attacker can execute arbitrary code with the highest level of permissions, potentially leading to full system compromise, unauthorized access to sensitive data, and the ability to bypass security controls.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the updates released by Trend Micro that address this issue.
The vulnerability was fixed via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). Ensuring your Trend Micro Apex One agent is updated to these versions or later will protect against this local privilege escalation flaw.