Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Aug 06, 2025Ravie LakshmananVulnerability / Endpoint Security

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.

The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.

“A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations,” the cybersecurity company said in a Tuesday advisory.

While both shortcomings are essentially the same, CVE-2025-54987 targets a different CPU architecture. The Trend Micro Incident Response (IR) Team and Jacky Hsieh at CoreCloud Tech have been credited with reporting the two flaws.

According to ZeroPath, CVE-2025-54948 stems from a lack of sufficient input validation in the management console’s backend, thereby allowing a remote attacker with access to the management console interface to craft payloads that inject malicious operating system commands and result in remote code execution.

There are currently no details on how the issues are being exploited in real-world attacks. Trend Micro said it “observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.”

Mitigations for Trend Micro Apex One as a Service and Trend Vision One Endpoint Security – Standard Endpoint Protection have already been deployed as of July 31, 2025. A short-term solution for on-premise versions is available in the form of a fix tool. A formal patch for the vulnerabilities is expected to be released in mid-August 2025.

However, Trend Micro pointed out that while the tool fully protects against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. It emphasized that other agent install methods, such as UNC path or agent package, are unaffected.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” the company said. “In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”

Another prerequisite for successful exploitation is that the attacker must have access to the Trend Micro Apex One Management Console. Therefore, customers that have their console’s IP address exposed externally are recommended to implement source restrictions if not already applied.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!