[GHSA-vhc8-fg3x-3rvc] A vulnerability in the Trend Micro Apex One management...

advisories/unreviewed/2026/05/GHSA-vhc8-fg3x-3rvc/GHSA-vhc8-fg3x-3rvc.json

@@ -1,19 +1,37 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vhc8-fg3x-3rvc",
-  "modified": "2026-05-21T15:34:09Z",
+  "modified": "2026-05-21T15:34:17Z",
   "published": "2026-05-21T15:34:09Z",
   "aliases": [
     "CVE-2025-71210"
   ],
-  "details": "A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.\n\nPlease note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via a researcher through the Zero Day Initiative. The SaaS versions of the product have already been mitigated and no customer action required.\n\nFor this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console�s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.",
+  "summary": "Remote Code Execution via Console Path Traversal in Trend Micro Apex One",
+  "details": "### Summary\nA critical directory traversal vulnerability exists in the Trend Micro Apex One management console component (listening on TCP ports 8080 and 4343 by default). The flaw is caused by a lack of proper validation of a user-supplied string before using it within a system call. \n\n### Impact\nAn unauthenticated remote attacker with network access to the Apex One Management Console can exploit this vulnerability by submitting a maliciously crafted path traversal string. This allows the attacker to upload arbitrary code files outside of the intended web root directory and execute commands on the host Windows server with administrative privileges (`IUSR` context), potentially resulting in full system takeover.\n\n### Remediation\n* **On-Premise Deployments:** Immediately apply **Critical Patch Build 14136** (or later) for Trend Micro Apex One 2019 to completely fix the input processing routines.\n* **SaaS Deployments:** No manual action is required for Apex One as a Service instances, as Trend Micro has applied server-side mitigations directly to the cloud backend.\n* **Network Hardening:** Restrict management console access by implementing strict source IP firewall filtering rules to ensure the administration panels are never exposed to the public internet.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "Trend_Micro_Apex_One_(On-Premise)"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",