Trend Micro Apex Central SSRF Vulnerability (CVE-2025-71206) Allows Network Reconnaissance
A server-side request forgery vulnerability in Trend Micro Apex Central's Scheduled Update feature could allow authenticated attackers to probe internal networks.
Trend Micro has disclosed a server-side request forgery (SSRF) vulnerability in its Apex Central security management console, tracked as CVE-2025-71206. The flaw, reported by researcher Abdessamad Lahlali, resides in the Scheduled Update feature and could allow authenticated attackers to trick the server into making requests to arbitrary URLs, potentially exposing internal network resources.
The vulnerability, assigned a CVSS score of 4.4 (medium severity), requires authentication to exploit. According to the advisory from Trend Micro and the Zero Day Initiative, the specific flaw exists within the handling of URLs in the Scheduled Update feature. By providing a crafted URL, an attacker can cause the server to make a request to an incorrect URL, enabling improper access to network resources.
Trend Micro Apex Central is a centralized management platform used to administer Trend Micro products across an enterprise. The SSRF vulnerability could be leveraged by an attacker with valid credentials to probe internal networks, scan for open ports, or access services that are not intended to be exposed. While the CVSS score is moderate, the potential for lateral movement and data exfiltration makes it a significant concern for organizations using the product.
Trend Micro has released an update to address the vulnerability. Customers are advised to apply the latest patches as soon as possible. The advisory can be found at Trend Micro's support page. The disclosure timeline shows the vulnerability was reported on March 4, 2025, and the coordinated public release occurred on March 3, 2026.
This vulnerability highlights the ongoing risks associated with SSRF flaws in enterprise management consoles. Similar vulnerabilities in other products have been exploited to gain access to cloud metadata services or internal systems. Organizations using Trend Micro Apex Central should prioritize patching and review access controls to limit the impact of potential exploitation.