Indian authorities just raised the alarm for anyone running Trend Micro Apex One. CERT-In, the country’s cybersecurity watchdog, says there are some major security holes in several Trend Micro products—including Apex One 2019 (on-premises and SaaS), the macOS version, and Trend Vision One Endpoint. This warning isn’t minor; it’s rated “Critical” and comes straight from the government’s own Vulnerability Note CIVN-2026-0111, published on February 27, 2026.
CERT-In found a bunch of vulnerabilities buried in the core of Apex One
Directory traversal bugs in the management console (CVE-2025-71210 and CVE-2025-71211). In plain speak, attackers could upload malware and run whatever commands they want on your systems—remotely. That’s not all. There are also privilege escalation flaws in the scan engine (CVE-2025-71212 and CVE-2025-71213). If someone already has access, these bugs let them grab even more control, making it much easier for them to dig deeper and cause real damage. And over on Mac, there’s a problem with the iCore service (CVE-2025-71214) that could let someone nab elevated privileges without proper checks.
Who needs to worry about the new viruses?
This is not just a tech headache for IT admins, but CERT-In’s warning is further aimed at anyone responsible for keeping business systems safe—SOC teams, system engineers, CISOs, and cybersecurity pros. If you are running Apex One, your organisation’s data, operations and reputation are all at stake.
Attackers could easily use these flaws to break in, disrupt services, or swipe sensitive business info. It’s a real risk, especially for big companies relying on Apex One for protection.
What should you do?
Don’t wait. Check out the official CERT-In advisory and patch your systems right away—no excuses. The longer you leave these holes open, the bigger the target you become for hackers, both inside and outside your organisation. IT teams should double-check that all endpoint protection settings are current and keep an eye out for any weird activity on the network. Staying ahead of these threats means patching quickly and staying sharp with your cybersecurity routines.
The Indian Computer Emergency Response Team (commonly known as CERT-In), under the Ministry of Electronics and Information Technology(MiEIT), has issued a serious cybersecurity warning for users of Trend Micro Apex One.
In its Vulnerability Note CIVN-2026-0111, the government agency highlighted multiple security flaws affecting Apex One 2019 (on-premises and SaaS), Trend Micro Apex One for macOS, and Trend Vision One Endpoint – Standard Endpoint Protection (SaaS). The advisory, released on February 27, 2026, carries a “Critical” severity rating, signalling a high risk to organisations.