CVE-2025-71214

Published: Mag 21, 2026 Last Modified: Mag 21, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

https://success.trendmicro.com/en-US/solution/KA-0022458
https://success.trendmicro.com/en-US/solution/KA-0022458
https://www.zerodayinitiative.com/advisories/ZDI-26-139/
https://www.zerodayinitiative.com/advisories/ZDI-26-139/