PT-2026-22853 · Trend Micro · Trendai Apex One
Published
2026-03-03
·
Updated
2026-05-21
·
CVE-2025-71216
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Trend Micro Apex One (mac) agent (affected versions not specified)
Description
A time-of-check time-of-use (TOCTOU) issue exists in the cache mechanism of the Trend Micro Apex One (mac) agent. A TOCTOU is a race condition where a system checks a condition (such as a file's existence or permissions) and then uses the result of that check, but the condition changes between the check and the use. This could allow a local attacker, who already has the ability to execute low-privileged code on the target system, to escalate their privileges.
Recommendations
Update the agent via ActiveUpdate or SaaS updates (SaaS 2507 & 2005 Yearly Release).
Fix
LPE
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendai Apex One