Critical Trend Micro Apex One Vulnerabilities Allows Malicious Code Execution

Trend Micro published an advisory for multiple Apex One vulnerabilities (CVE-2025-71210 through CVE-2025-71217), including two critical management-console directory traversal RCEs (CVSS 9.8) that allow attackers with access to the Apex One Management Console to upload and execute malicious code, plus several local privilege escalation issues affecting Windows and informational macOS fixes; Trend Micro advises updating to the latest builds and applying source-access restrictions, noting SaaS customers may be mitigated.