PT-2026-22852 · Trend Micro · Trendai Apex One
Published
2026-03-03
·
Updated
2026-05-21
·
CVE-2025-71215
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Trend Micro Apex One (mac) agent (affected versions not specified)
Description
A time-of-check time-of-use (TOCTOU) issue exists in the iCore service signature verification. A TOCTOU is a race condition where a system checks a condition (such as a security credential) and then uses the result of that check, but the condition changes between the check and the use. This could allow a local attacker who already has the ability to execute low-privileged code on the target system to escalate their privileges.
Recommendations
Update the software via ActiveUpdate or SaaS updates to the SaaS 2507 or 2005 Yearly Release.
Fix
LPE
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendai Apex One