- 173/2025
- Critical
Trend Micro has released security updates to address several vulnerabilities affecting Trend Micro Apex One (On-prem) 2019, and Apex One Management Server version 14039 and below.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands and gain access to the affected product.
Sample of addressed vulnerabilities:
Trend Micro Apex One Command Execution Vulnerability (CVE-2025-54948):
- CVSS: 9.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
It should be highlighted that Trend Micro is aware that one of these vulnerabilities is being actively exploited in the wild.
Vulnerabilities
- CVE-2025-54948
- CVE-2025-54987
Mitigations
The enterprise should implement short-term mitigation measures using the provided FixTool to protect against known exploits. Additionally, coordinate with the vendor to ensure prompt deployment of the official patch as soon as the testing phase is completed.