VYPR
patch · Published Mar 3, 2026 · Updated May 18, 2026 · 1 source

Trend Micro Apex One Local Privilege Escalation Vulnerability (CVE-2025-71217) Patched

Trend Micro has released a patch for CVE-2025-71217, a local privilege escalation vulnerability in the Apex One Security Agent's TmSelfProtect component that allows low-privileged attackers to gain root access.

Trend Micro has released a security update to address a local privilege escalation vulnerability in its Apex One Security Agent, tracked as CVE-2025-71217 with a CVSS score of 7.8. The flaw resides in the TmSelfProtect component and stems from insufficient validation of the origin of commands, enabling an attacker with low-privileged code execution to escalate privileges to root.

The vulnerability was discovered and reported by researcher Lays (@_L4ys) of TRAPA Security. According to the advisory published by Trend Micro and the Zero Day Initiative (ZDI-26-143), an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this flaw. With that access, the attacker can leverage the origin validation error to execute arbitrary code in the context of root, effectively taking full control of the affected endpoint.

Trend Micro Apex One is a unified endpoint security solution widely deployed in enterprise environments. The vulnerability affects the Security Agent component, which is installed on endpoints to provide antivirus, anti-malware, and advanced threat protection. Given the high privileges that can be obtained, successful exploitation could lead to complete system compromise, including data theft, installation of persistent backdoors, and lateral movement within the network.

Trend Micro has issued a patch to correct the vulnerability. Customers are advised to apply the update as soon as possible. The advisory includes a link to the vendor's security bulletin: Trend Micro Solution KA-0022458. The disclosure timeline shows that the vulnerability was reported to Trend Micro on April 8, 2025, and the coordinated public release occurred on March 3, 2026.

This vulnerability is part of a broader pattern of privilege escalation flaws in endpoint security products, which are attractive targets for attackers seeking to disable security controls or gain elevated access. Organizations using Trend Micro Apex One should prioritize patching this vulnerability, especially on systems where users have low-privileged access that could be exploited as an initial foothold.

Synthesized by Vypr AI