CVE-2025-71214

7.8 HIGH

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate p...

Published: 2026-05-21 · Last updated: 2026-06-05

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-346

Affected products

Vendor	Product
trendmicro	apex_one

Description

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-71214
[Vendor advisory]https://success.trendmicro.com/en-US/solution/KA-0022458
[Other]https://www.zerodayinitiative.com/advisories/ZDI-26-139/

Related CVEs

Same vendor

CVE-2025-71217 — An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker t... (7.8 HIGH)
CVE-2025-71216 — A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalat... (7.8 HIGH)
CVE-2025-71215 — A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a loca... (7.0 HIGH)

Same CWE

CVE-2026-12304 — Same-origin policy bypass in the Networking: Cookies component (9.1 CRITICAL)
CVE-2026-47825 — Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios (8.6 HIGH)
CVE-2026-9595 — Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g (5.3 MEDIUM)
CVE-2026-11624 — The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent...
CVE-2026-45173 — Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its...