Trend Micro has recently identified and addressed two critical security vulnerabilities in its Apex One Management Console for on-premise systems. These vulnerabilities, designated as CVE-2025-54948 and CVE-2025-54987, both carry a severity rating of 9.4 on the Common Vulnerability Scoring System (CVSS). They pertain to command injection and remote code execution flaws within the management console, potentially allowing unauthorized remote attackers to upload and execute malicious code on affected systems.
Details of the Vulnerabilities
The primary concern revolves around a flaw in the Apex One (on-premise) management console that could enable a pre-authenticated remote attacker to upload malicious code and execute commands on compromised installations. While both vulnerabilities are fundamentally similar, CVE-2025-54987 specifically targets a different CPU architecture. These issues were reported by the Trend Micro Incident Response Team and Jacky Hsieh from CoreCloud Tech.
Active Exploitation Observed
Trend Micro has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in real-world scenarios. However, specific details regarding the methods of exploitation remain undisclosed at this time.
Mitigation Measures and Patches
To address these vulnerabilities, Trend Micro has implemented the following measures:
– Apex One as a Service: Mitigations were deployed as of July 31, 2025.
– On-Premise Versions: A temporary fix tool is available to protect against known exploits. A formal patch is scheduled for release in mid-August 2025.
It’s important to note that while the fix tool offers protection, it disables the Remote Install Agent function used by administrators to deploy agents from the Apex One Management Console. Alternative agent installation methods, such as using UNC paths or agent packages, remain unaffected.
Recommendations for Users
Trend Micro advises users to:
– Apply the provided patches and updates promptly.
– Review and restrict remote access to critical systems.
– Ensure that security policies and perimeter defenses are current and robust.
Historical Context
This is not the first time Trend Micro has addressed critical vulnerabilities in its products. In September 2023, the company released patches for a zero-day vulnerability (CVE-2023-41179) in Apex One and Worry-Free Business Security solutions, which had been actively exploited in the wild. This flaw involved an arbitrary code execution vulnerability related to the products’ ability to uninstall third-party security products. Successful exploitation could allow an attacker to execute arbitrary code, provided they had access to the product’s administrative console.
Conclusion
The recent identification and mitigation of these critical vulnerabilities underscore the importance of proactive cybersecurity measures. Organizations utilizing Trend Micro’s Apex One should prioritize applying the recommended fixes and remain vigilant against potential exploitation attempts.
