Trend Micro has released a mitigation to address a critical security flaw in the on-premises version of the Apex One management console, which is said to have been exploited in the wild.
Both vulnerabilities rated 9.4 in the CVSS scoring system (CVE-2025-54948 and CVE-2025-54987) are described as flaws in management console command injection and remote code execution.
“A vulnerability in the Trend Microappex One (on-premises) management console allows a pre-recognized remote attacker to upload malicious code and execute commands for affected installations,” the cybersecurity company said in its advisory Tuesday.
The drawbacks of both are essentially the same, but CVE-2025-54987 targets a different CPU architecture. CoreCloud Tech’s Trend Micro Incident Response (IR) team and Jacky Hsieh are acknowledged to have reported two defects.
Currently there is no details on how the problem is being utilized in actual attacks. Trend Micro said it “we have observed at least one example of an attempt to actively exploit one of these vulnerabilities in the wild.”
As of July 31, 2025, Trend Micro Apex easing has already been implemented as a service. On-premises version of the short-term solution is available in the form of a fix tool. The official patch for the vulnerability is scheduled to be released in mid-August 2025.
However, Trend Micro pointed out that the tool provides full protection from known exploits, but disables the ability for administrators to take advantage of the remote installation agent feature to deploy agents from the Trend Micro Apex One management console. He emphasized that other agent installation methods, such as UNC paths and agent packages, are not affected.
“To exploit these types of vulnerabilities, attackers generally require access (physical or remote) to the vulnerable machine,” the company said. “In addition to timely applications of patches and updated solutions, we also recommend that customers check remote access to critical systems and ensure that policies and perimeter security are up to date.”
Source link
