Ethical Hacking News
Trend Micro has issued a warning to its customers regarding an actively exploited zero-day vulnerability in its Apex One endpoint security platform. The vulnerability allows pre-authenticated attackers to execute arbitrary code remotely on systems running unpatched software, highlighting the importance of staying up-to-date with security patches and taking proactive measures to secure systems against emerging threats.
Trend Micro has issued a warning to its customers about an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. The critical security flaw, tracked as CVE-2025-54948 and CVE-2025-54987, stems from a command injection weakness that allows pre-authenticated attackers to execute arbitrary code remotely on systems running unpatched software. A mitigation tool has been released to provide short-term protection against exploitation attempts, but it disables the Remote Install Agent function. The company plans to release a security patch around mid-August 2025 to fix the vulnerability and restore remote management capabilities. Customers are urged to secure vulnerable endpoints immediately, even if it means temporarily losing remote management capabilities. This is not the first time Trend Micro has warned of vulnerabilities in its Apex One platform, which highlights the importance of staying up-to-date with security patches and taking proactive measures to secure systems.
Trend Micro has issued a warning to its customers, urging them to take immediate action to secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. The Apex One platform is designed to automatically detect and respond to threats, including malicious tools, malware, and vulnerabilities.
The critical security flaw, tracked as CVE-2025-54948 or CVE-2025-54987 depending on the CPU architecture, is due to a command injection weakness in the on-premise Apex One Management Console. It allows pre-authenticated attackers to execute arbitrary code remotely on systems running unpatched software. The vulnerability has already been exploited in the wild: Trend Micro reports observing at least one attempt to actively exploit one of these vulnerabilities.
Trend Micro has released a mitigation tool that provides short-term protection against exploitation attempts. However, the tool disables administrators' ability to use the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. The company has also observed that the vulnerability can be exploited by an attacker who has access to the Trend Micro Apex One Management Console, so customers whose console IP address is exposed externally should consider mitigating factors such as source restrictions.
The company has not yet issued a security patch for this actively exploited vulnerability, but it plans to release one around mid-August 2025; that patch will also restore the Remote Install Agent functionality disabled by the mitigation tool. In the meantime, Trend Micro urges administrators to promptly secure vulnerable endpoints, even if this means temporarily losing remote management capabilities.
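The advice above to apply source restrictions only helps if the restriction actually holds, so a defender will want a way to verify it. The following script is an added example written for this article, not Trend Micro code and not part of the advisory: it audits constructed firewall-style connection log lines against an admin-source allowlist and reports every accepted console connection from outside that allowlist. The admin networks, the console port (4343) and the log line format are all assumptions made for the example.

```python
# Added example: audit console access against an admin-source allowlist.
# Not Trend Micro code. The admin networks, port 4343 and the log format
# below are constructed assumptions, not values taken from the advisory.
import ipaddress
import re
from typing import Iterable

# Constructed: networks from which console administration is permitted.
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.168.50.0/24")]
# Constructed: the TCP port the management console is assumed to listen on.
CONSOLE_PORT = 4343

# Constructed log format: "<timestamp> src=<ip> dst_port=<port> action=<accept|drop>"
LINE_RE = re.compile(
    r"src=(?P<src>[0-9a-fA-F.:]+)\s+dst_port=(?P<port>\d+)\s+action=(?P<action>\w+)"
)


def is_admin_source(src: str, allowed=ADMIN_NETWORKS) -> bool:
    """True when src (IPv4 or IPv6) falls inside one of the permitted admin networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        # Unparseable addresses are never treated as trusted.
        return False
    return any(ip in net for net in allowed)


def audit_console_access(lines: Iterable[str], allowed=ADMIN_NETWORKS,
                         port: int = CONSOLE_PORT) -> list[dict]:
    """Return one finding per accepted console connection from a non-admin source.

    A non-empty result means the console is reachable from sources that the
    source restriction should have blocked. Dropped connections and traffic
    to other ports are ignored.
    """
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["port"]) != port or m["action"] != "accept":
            continue
        if not is_admin_source(m["src"], allowed):
            findings.append({"src": m["src"], "line": line.strip()})
    return findings


# Constructed sample log: two admin sources, one external IPv4 and one external
# IPv6 source that were accepted, and two entries that should be ignored.
SAMPLE_LOG = """\
2025-08-06T05:40:01Z src=10.10.0.15 dst_port=4343 action=accept
2025-08-06T05:40:09Z src=203.0.113.7 dst_port=4343 action=accept
2025-08-06T05:40:12Z src=203.0.113.7 dst_port=22 action=drop
2025-08-06T05:41:30Z src=198.51.100.23 dst_port=4343 action=drop
2025-08-06T05:42:20Z src=192.168.50.4 dst_port=4343 action=accept
2025-08-06T05:43:02Z src=2001:db8::9 dst_port=4343 action=accept
""".splitlines()

if __name__ == "__main__":
    for finding in audit_console_access(SAMPLE_LOG):
        print("console accepted a non-admin source:", finding["src"])
```

Run against real logs, the script should return an empty list once the source restriction is in place; any finding identifies a source address that can still reach the console and therefore still has the access the advisory says exploitation requires. The IPv6 entry is included because an allowlist written only for IPv4 ranges silently leaves dual-stack hosts exposed.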
This is not the first time that Trend Micro has warned of vulnerabilities in its Apex One platform. The company had previously patched two other Apex One zero-day vulnerabilities, one of which was exploited in the wild in September 2022 (CVE-2022-40139) and another in September 2023 (CVE-2023-41179). Earlier this month, the company also addressed multiple critical-severity remote code execution and authentication bypass flaws in its Apex Central and Endpoint Encryption (TMEE) PolicyServer products.
The recent warning from Trend Micro highlights the importance of staying up-to-date with security patches and taking proactive measures to secure systems against newly discovered vulnerabilities. As the threat landscape continues to evolve, it is crucial for organizations to prioritize their cybersecurity efforts and invest in robust security solutions that can detect and respond to emerging threats.
In addition to the Apex One platform, the CVE-2025-54948 and CVE-2025-54987 vulnerabilities have implications for other systems and software that rely on the same command injection mechanism. As such, it is essential for organizations to conduct a thorough risk assessment and take necessary steps to mitigate these vulnerabilities, including patching affected systems, updating software, and implementing additional security controls.
The recent warning from Trend Micro serves as a reminder of the ongoing threat landscape and the need for organizations to prioritize their cybersecurity efforts. By staying informed about emerging threats and taking proactive measures to secure their systems, organizations can reduce their risk of falling victim to cyber attacks and protect their sensitive data.
Related Information:
https://www.ethicalhackingnews.com/articles/Trend-Micro-Warns-of-Newly-Exploited-Apex-One-Zero-Day-Vulnerability-ehn.shtml
https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-endpoint-protection-zero-day-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-54948
https://www.cvedetails.com/cve/CVE-2025-54948/
https://nvd.nist.gov/vuln/detail/CVE-2025-54987
https://www.cvedetails.com/cve/CVE-2025-54987/
Published: Wed Aug 6 05:42:20 2025 by llama3.2 3B Q4_K_M