VYPR · patch · Published Mar 3, 2026 · Updated May 18, 2026 · 1 source

Trend Micro Apex Central Hub Server SSRF Vulnerability (CVE-2025-71205) Patched

Trend Micro has released a patch for a server-side request forgery vulnerability in Apex Central Hub Server that could allow authenticated attackers to access internal network resources.

Trend Micro has issued a security update to address a server-side request forgery (SSRF) vulnerability in its Apex Central Hub Server, tracked as CVE-2025-71205. The flaw, disclosed by the Zero Day Initiative (ZDI-26-144), was reported by researcher Abdessamad Lahlali of Trend Micro and carries a CVSS score of 4.4, indicating moderate severity.

The vulnerability resides in the handling of hub server URLs. An authenticated attacker can craft a malicious URL that causes the server to make a request to an unintended destination. This SSRF flaw could be leveraged to gain improper access to internal network resources that would otherwise be protected from external access. While authentication is required to exploit the issue, the potential for lateral movement within an enterprise network makes it a significant concern for organizations using Trend Micro Apex Central.

Trend Micro Apex Central is a centralized management console used by enterprises to manage and monitor Trend Micro security products across their environment. Because the hub server often has elevated network privileges to communicate with other internal systems, an SSRF vulnerability could allow an attacker to probe internal services, access sensitive data, or pivot to other systems. The CVSS vector (AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N) reflects the need for high privileges and complex attack conditions, but the scope change (S:C) indicates that a successful exploit can affect resources beyond the hub server's own security boundary.

Trend Micro has released a patch to correct the vulnerability, with details available in their security advisory at https://success.trendmicro.com/en-US/solution/KA-0022071. The disclosure timeline shows the vulnerability was reported to Trend Micro on March 4, 2025, and the coordinated public advisory was released on March 3, 2026. Organizations using Trend Micro Apex Central are urged to apply the patch promptly to mitigate the risk of internal network reconnaissance or data exposure.

SSRF vulnerabilities have become a growing concern in enterprise software, as they can bypass traditional perimeter defenses by abusing trusted server-to-server communications. Recent high-profile SSRF flaws in products like Microsoft Exchange and various cloud services have demonstrated the potential for severe impact, including full network compromise. While CVE-2025-71205 requires authentication and has a lower CVSS score, it underscores the importance of rigorous input validation in management consoles that handle user-supplied URLs.
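As an added illustration of the input-validation point above and of the "hub server URL" handling described earlier (this is example code, not Trend Micro's, and the function names, the allowlist and the DNS answers are constructed), the block below validates a user-supplied hub-server URL the way a defender would want: it refuses anything but an allowlisted HTTPS host on an allowed port, rejects embedded credentials, resolves the name once, rejects any answer in loopback, private or otherwise non-routable space (unwrapping IPv4-mapped IPv6 first), and pins the checked address so a later lookup cannot swap in a different target.

```python
from __future__ import annotations

import ipaddress
import socket
from dataclasses import dataclass
from urllib.parse import urlsplit

# Added example (not Trend Micro's code): validating a user-supplied
# "hub server URL" before the server fetches it. Function names, the
# allowlist and the sample DNS answers are assumptions for illustration.

ALLOWED_SCHEMES = frozenset({"https"})
ALLOWED_PORTS = frozenset({443})


class UnsafeUrl(ValueError):
    """Raised when a URL must not be fetched server-side."""


@dataclass(frozen=True)
class ValidatedTarget:
    host: str     # hostname as supplied, for SNI / the Host header
    port: int
    address: str  # the one resolved and checked IP to connect to


def _is_routable(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """Reject anything that could reach the host itself or internal networks.

    IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped so the IPv4 rules apply.
    """
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_hub_url(url: str, allowed_hosts: frozenset[str],
                     resolve=socket.getaddrinfo) -> ValidatedTarget:
    """Return a pinned target for `url`, or raise UnsafeUrl.

    `resolve` has socket.getaddrinfo's signature; it is injectable so the
    checks can run offline against constructed answers.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {parts.scheme!r}")
    # "https://allowed.example@other.example" style confusion: refuse userinfo.
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials in URL are not allowed")
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in allowed_hosts:
        raise UnsafeUrl(f"host not in allowlist: {host!r}")
    try:
        port = parts.port or 443
    except ValueError as exc:
        raise UnsafeUrl("malformed port") from exc
    if port not in ALLOWED_PORTS:
        raise UnsafeUrl(f"port not allowed: {port}")

    # Resolve once and check every answer: an allowlisted name that points at
    # an internal address (misconfiguration or a rebinding attempt) is refused.
    try:
        answers = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        raise UnsafeUrl(f"cannot resolve {host!r}") from exc
    addresses = []
    for _family, _type, _proto, _canon, sockaddr in answers:
        ip = ipaddress.ip_address(sockaddr[0].split("%")[0])  # drop any zone id
        if not _is_routable(ip):
            raise UnsafeUrl(f"{host!r} resolves to non-routable {ip}")
        addresses.append(str(ip))
    if not addresses:
        raise UnsafeUrl(f"no addresses for {host!r}")
    # Pin the checked address: the caller connects to `address`, not to `host`,
    # so a second lookup cannot return a different answer.
    return ValidatedTarget(host=host, port=port, address=addresses[0])


def is_safe_hub_url(url: str, allowed_hosts: frozenset[str],
                    resolve=socket.getaddrinfo) -> bool:
    """Boolean form of validate_hub_url, convenient for checks and tests."""
    try:
        validate_hub_url(url, allowed_hosts, resolve=resolve)
        return True
    except UnsafeUrl:
        return False


def fake_resolver(answers: dict[str, list[str]]):
    """Build a getaddrinfo-shaped resolver from constructed answers (offline use)."""
    def resolve(host, port, **_kwargs):
        if host not in answers:
            raise socket.gaierror(f"no answer for {host}")
        return [(socket.AF_INET6 if ":" in a else socket.AF_INET,
                 socket.SOCK_STREAM, 6, "", (a, port)) for a in answers[host]]
    return resolve


if __name__ == "__main__":
    # Constructed DNS answers; 93.184.216.34 stands in for a public address.
    dns = fake_resolver({"hub.example.net": ["93.184.216.34"],
                         "internal.example.net": ["10.0.0.5"]})
    allowed = frozenset({"hub.example.net", "internal.example.net"})
    print(validate_hub_url("https://hub.example.net/api", allowed, resolve=dns))
    print(is_safe_hub_url("https://internal.example.net/", allowed, resolve=dns))
```

The caller must then open the connection to `address` while presenting `host` for SNI and the Host header; connecting by name again would reintroduce the lookup-then-connect race. Two further points follow from the same design: the HTTP client used for the fetch must not follow redirects automatically (each hop needs the same validation), and because the `ipaddress` module classes the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as non-global, those are rejected as well, which is why the constructed answers above use a different address.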

Trend Micro has not reported any active exploitation of this vulnerability in the wild. However, given the centralized role of Apex Central in enterprise environments, security teams should prioritize patching and review network segmentation around hub servers to limit the blast radius of any potential SSRF attack.

Synthesized by Vypr AI