Trend Micro has issued a critical alert regarding two actively exploited zero-day vulnerabilities in its Apex One endpoint security platform. These vulnerabilities are due to command injection flaws in the Apex One Management Console (on-premise) that allow pre-authenticated remote code execution. The company has released a mitigation tool and is planning to publish a permanent fix mid-August 2025.
1. CVE IDs: CVE-2025-54948 and CVE-2025-54987
2. CVSS Score: 9.4
3. Weakness: CWE-78 (OS Command Injection)
4. Description: Pre-authenticated remote code execution via malicious code injection on the management console.
5. Exploitation in the Wild
6. Affected Products
7. Fixed Version / Patch Info
A full critical patch for the on-premise version is expected mid-August 2025 and will restore Remote Install Agent functionality disabled by the temporary fix.
Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn
No related posts found.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
This website uses the following additional cookies:
(List the cookies that you are using on the website here.)
More information about our Cookie Policy
