Origin Validation Error in Trend Micro Apex One (mac) Agent Self-Protection
CVE-2025-71217

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trendai Apex One (mac)
Vendor: CVE Published:; 21 May 2026

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2025-71217?

The vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism stems from an origin validation error, which could allow local attackers to escalate their privileges on affected installations. To exploit this vulnerability, an attacker needs first to execute low-privileged code on the target system. This security flaw could lead to unauthorized access and potential system compromises if left unaddressed. It is important to note that these issues have been resolved through ActiveUpdate/SaaS updates provided in 2025.

Affected Version(s)

TrendAI Apex One (Mac) NA

References

https://success.trendmicro.com/en-US/solution/KA-0022458

https://www.zerodayinitiative.com/advisories/ZDI-26-143/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
Feb 11, 2026

CVE-2025-71217 Data

JSON