Ethical Hacking News
Trend Micro has patched two critical vulnerabilities in its Apex One on-premises management console, both of which were actively exploited in the wild. The company recommends that customers review remote access to critical systems and ensure perimeter security policies are up-to-date to prevent similar attacks.
Trend Micro has released patches for two critical vulnerabilities in its Apex One on-premises management console. The vulnerabilities were actively exploited in the wild, with attackers using them to achieve remote code execution (RCE). A temporary fix tool is available for customers using on-premises installations, but a full patch is expected by mid-August. Customers are advised to review remote access to critical systems and ensure that perimeter security policies are up-to-date. The vulnerabilities highlight the growing threat posed by command injection RCE flaws.
Trend Micro, a leading cybersecurity vendor, has recently released patches for two critical vulnerabilities in its Apex One on-premises management console. The company confirmed that both flaws were actively exploited in the wild, with attackers using them to achieve remote code execution (RCE).
The first vulnerability, tracked as CVE-2025-54948, allows a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability was discovered by Jacky Hsieh @ CoreCloud Tech working with Trend Zero Day Initiative. The second, CVE-2025-54987, is the same vulnerability but targets a different CPU architecture.
The Apex One management console is used by customers to manage their appliances remotely, and the two vulnerabilities could potentially allow attackers to gain access to the affected systems or execute malicious code on them. This highlights the importance of timely patching and updating solutions for critical system components.
In response to these vulnerabilities, Trend Micro has deployed mitigations for its Apex One as a Service. For customers using on-premises installations, a temporary fix tool is available, which blocks known exploits but disables the Remote Install Agent feature in the console. A full patch is expected by mid-August, and customers are advised to review remote access to critical systems and ensure that perimeter security policies are up-to-date.
Trend Micro has also warned that exploiting these vulnerabilities generally requires that an attacker has physical or remote access to a vulnerable machine. Customers whose console IP address is exposed externally should therefore consider mitigating factors such as source restrictions if they have not already applied them.
This incident serves as a reminder of the importance of maintaining up-to-date and patched software systems to prevent exploitation by attackers. Cybersecurity vendors like Trend Micro play a crucial role in identifying and addressing vulnerabilities, and it is essential for organizations to collaborate with these vendors to ensure that their systems are secure.
Furthermore, these vulnerabilities highlight the growing threat posed by command injection remote code execution (RCE) flaws. These types of flaws can be exploited by attackers to execute malicious commands on affected systems, potentially leading to unauthorized access or disruption of critical services.
The incident also underscores the importance of source restrictions for exposed console IP addresses and of proper perimeter security measures to prevent similar attacks in the future.
In conclusion, Trend Micro's recent patching of two critical Apex One RCE flaws highlights the ongoing threat posed by command injection RCE vulnerabilities. It is essential for organizations to prioritize timely patching, updated solutions, and proper security measures to protect their systems from exploitation by attackers.
Published: Wed Aug 6 11:47:44 2025 by llama3.2 3B Q4_K_M