Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202603-00000002
[Content Description]
Researchers have discovered path traversal vulnerabilities (CVE-2025-71210 and CVE-2025-71211) in the Trend Micro Apex One management console. When the management console service of an affected product is accessible, an unauthenticated remote attacker can exploit these vulnerabilities to upload malicious files and execute arbitrary code. Confirm whether you are affected and apply the patch as soon as possible.
[Affected Platforms]
Trend Micro Apex One 2019 (On-prem) version
[Recommended Actions]
The vendor has released an update that fixes the vulnerabilities. Refer to the vendor's instructions to apply the update: https://success.trendmicro.com/en-US/solution/KA-0022458
[References]
1. https://www.zerodayinitiative.com/advisories/ZDI-26-136/
2. https://www.zerodayinitiative.com/advisories/ZDI-26-137/
3. https://success.trendmicro.com/en-US/solution/KA-0022458