Trend Micro

Trend Micro has identified an actively exploited remote code execution vulnerability in its Apex One endpoint security platform, tracked as CVE-2025-54948 and CVE-2025-54987. The flaw is a command injection weakness in the Apex One Management Console (on-premise) that allows pre-authenticated attackers to execute arbitrary code remotely on unpatched systems. No security updates are available yet, but Trend Micro has released a mitigation tool that disables the Remote Install Agent function. The company has observed at least one exploitation attempt in the wild and expects to release a patch by mid-August 2025. The vulnerability poses a significant risk, especially if the console's IP address is exposed externally.

Source: https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-endpoint-protection-zero-day-exploited-in-attacks/

TPRM report: https://www.rankiteo.com/company/trend-micro

"id": "tre302080925",
"linkid": "trend-micro",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'Trend Micro',
                        'type': 'Company'}],
 'attack_vector': 'Command Injection',
 'customer_advisories': 'Advisory issued to customers',
 'description': 'Trend Micro has warned customers to immediately secure their '
                'systems against an actively exploited remote code execution '
                'vulnerability in its Apex One endpoint security platform. The '
                'critical security flaw (CVE-2025-54948 and CVE-2025-54987) is '
                'due to a command injection weakness in the Apex One '
                'Management Console (on-premise) that enables '
                'pre-authenticated attackers to execute arbitrary code '
                'remotely on systems running unpatched software.',
 'impact': {'operational_impact': 'Temporary loss of remote management '
                                  'capabilities'},
 'post_incident_analysis': {'corrective_actions': 'Security patches to be '
                                                  'released mid-August',
                            'root_causes': 'Command injection weakness in the '
                                           'Apex One Management Console'},
 'recommendations': 'Promptly secure vulnerable endpoints, apply source '
                    "restrictions if the console's IP address is exposed "
                    'externally, update to the latest builds as soon as '
                    'possible',
 'references': [{'source': 'Trend Micro Advisory'}],
 'response': {'communication_strategy': 'Advisory issued',
              'containment_measures': 'Mitigation tool released',
              'remediation_measures': 'Security patches coming mid-August'},
 'title': 'Trend Micro Apex One Remote Code Execution Vulnerability',
 'type': 'Remote Code Execution Vulnerability',
 'vulnerability_exploited': ['CVE-2025-54948', 'CVE-2025-54987']}