[Japanese]

JVNDB-2026-005746

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (February 2026)

Overview

Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Trend Micro Apex One (CVE-2025-71210, CVE-2025-71211, CVE-2025-71212, CVE-2025-71213)
  • Trend Micro Apex One SaaS (CVE-2025-71210, CVE-2025-71211, CVE-2025-71212, CVE-2025-71213)
  • Trend Micro Apex One (Mac) (CVE-2025-71214, CVE-2025-71215, CVE-2025-71216, CVE-2025-71217)
  • Trend Vision One Endpoint Security - Standard Endpoint Protection (CVE-2025-71210, CVE-2025-71211, CVE-2025-71212, CVE-2025-71213)

Impact

  • Remote code execution due to a directory traversal vulnerability in the console (CVE-2025-71210, CVE-2025-71211)
  • Local privilege escalation due to a link following vulnerability in the scan engine (CVE-2025-71212)
  • Local privilege escalation due to an origin validation error vulnerability (CVE-2025-71213)
  • Local privilege escalation due to an origin validation error vulnerability in the agent iCore service (CVE-2025-71214)
  • Local privilege escalation due to a time-of-check time-of-use (TOCTOU) race condition vulnerability in the agent iCore service signature verification (CVE-2025-71215)
  • Local privilege escalation due to a time-of-check time-of-use (TOCTOU) race condition vulnerability in the agent cache mechanism (CVE-2025-71216)
  • Local privilege escalation due to an origin validation error vulnerability in the agent self protection (CVE-2025-71217)
Solution

[Update the software]
Update the software to the latest version according to the information provided by Trend Micro Incorporated.
According to Trend Micro Incorporated, no user action is required regarding Trend Micro Apex One SaaS/Trend Vision One Endpoint Security - Standard Endpoint Protection for CVE-2025-71210 and CVE-2025-71211.

For more details, refer to the information provided by Trend Micro Incorporated.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2025-71210
  2. CVE-2025-71211
  3. CVE-2025-71212
  4. CVE-2025-71213
  5. CVE-2025-71214
  6. CVE-2025-71215
  7. CVE-2025-71216
  8. CVE-2025-71217
References

  1. JVN : JVNVU#92256509
Revision History

  • [2026/03/04]
      Web page was published

Date Public2026/03/03
Date First Published2026/03/04
Date Last Updated2026/03/04