CVE-2025-71216

7.8 HIGH

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalat...

Published: 2026-05-21 · Last updated: 2026-06-05

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-367

Affected products

Vendor	Product
trendmicro	apex_one

Description

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-71216
[Vendor advisory]https://success.trendmicro.com/en-US/solution/KA-0022458
[Other]https://www.zerodayinitiative.com/advisories/ZDI-26-142/

Related CVEs

Same vendor

CVE-2025-71217 — An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker t... (7.8 HIGH)
CVE-2025-71215 — A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a loca... (7.0 HIGH)
CVE-2025-71214 — An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate p... (7.8 HIGH)

Same CWE

CVE-2026-54228 — A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method (7.8 HIGH)
CVE-2026-53838 — OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approv... (9.8 CRITICAL)
CVE-2026-53831 — OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expan... (8.3 HIGH)
CVE-2026-53822 — OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution (8.8 HIGH)
CVE-2026-54055 — Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)