

Ethical Hacking News

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws




Critical vulnerabilities in on-premise versions of Trend Micro's Apex One Management Console have been discovered and exploited in the wild. According to recent reports, the two vulnerabilities are management console command injection and remote code execution flaws. This article looks at these vulnerabilities, their impact, and the measures Trend Micro is taking to mitigate the associated risks.

  • Trend Micro's Apex One Management Console has been found to have two critical vulnerabilities (CVE-2025-54948 and CVE-2025-54987).
  • The vulnerabilities are rated 9.4 on the CVSS scoring system, posing a risk of command injection and remote code execution.
  • Trend Micro's Incident Response Team and CoreCloud Tech reported the vulnerabilities.
  • A fix tool is available to mitigate the risks associated with these vulnerabilities until a formal patch is released in mid-August 2025.
  • The fix tool disables Remote Install Agent functionality but leaves other agent install methods unaffected.
  • Trend Micro advises customers to review remote access and ensure policies and perimeter security are up-to-date.



    Critical vulnerabilities in on-premise versions of Trend Micro's Apex One Management Console have recently been discovered and exploited in the wild. According to recent reports, the two vulnerabilities (CVE-2025-54948 and CVE-2025-54987), rated 9.4 on the CVSS scoring system, are management console command injection and remote code execution flaws.

    These vulnerabilities were reported by Trend Micro's Incident Response Team and Jacky Hsieh at CoreCloud Tech, although there is currently no information available about how these issues are being exploited in real-world attacks. However, it has been confirmed that the company "observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild."

    In light of this recent discovery, Trend Micro has taken steps to mitigate the risks associated with these vulnerabilities. For on-premise versions of Apex One Management Console, a short-term solution is available in the form of a fix tool. A more formal patch for the vulnerabilities is expected to be released in mid-August 2025.

    It is worth noting that while this tool provides full protection against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. However, other agent install methods such as UNC path or agent package are unaffected by these vulnerabilities and can continue to be used.

    Trend Micro's advice in light of this discovery is for customers to review remote access to critical systems and ensure that policies and perimeter security are up-to-date. In addition, exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine.





  • Published: Wed Aug 6 05:58:12 2025 by llama3.2 3B Q4_K_M












