Remote Code Execution Vulnerability in Trend Micro Apex One Management Console
CVE-2025-54948

9.4CRITICAL

Key Information:

Vendor

Trend Micro
Status
Trend Micro Apex One
Vendor
CVE Published:
5 August 2025

Badges

📈 Score: 255💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-54948?

CVE-2025-54948 is a notable vulnerability found in the Trend Micro Apex One management console, an on-premise cybersecurity solution designed to protect endpoints against a variety of threats, including malware and network intrusions. This vulnerability allows pre-authenticated remote attackers the ability to upload malicious code and execute commands on installations of Trend Micro Apex One. The capability to execute arbitrary commands poses a significant risk, as it enables potential exploitation of the management console itself, leading to unauthorized access and control over system configurations, data, and connected networks.

The risk associated with CVE-2025-54948 stems from the nature of the management console, which is a critical component of an organization's cybersecurity infrastructure. Given that it interacts with multiple endpoints and handles sensitive data, a successful exploit could severely undermine an organization's security posture, allowing attackers to propagate further intrusions within the network.

Potential impact of CVE-2025-54948

  1. Unauthorized Access and Control: The primary consequence of this vulnerability is that it allows attackers to gain unauthorized access to the management console, which can lead to complete control over the security settings and configurations of the affected environment.

  2. Data Breach Risk: By exploiting this vulnerability, attackers may access sensitive data stored on the system or accessible through network connections, leading to potential data breaches that can result in financial loss and reputational damage for the organization.

  3. Increased Attack Surface: Should the vulnerability be exploited, it can serve as a springboard for further attacks within the organization's network, enabling attackers to launch additional malicious activities, spread malware, or deploy ransomware, further complicating recovery efforts and increasing operational risks.

Affected Version(s)

Trend Micro Apex One 2019 (14.0) < 14.0.0.14039

News Articles

favicon imageCyber Security Agency of Singapore

Critical Vulnerabilities in Trend Micro Endpoint Security Products

Trend Micro has released a mitigation tool addressing critical vulnerabilities in its endpoint security products. Users and administrators are advised to...

19 hours ago

Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw

Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.

1 day ago

favicon imageSecurity Affairs

Trend Micro fixes two actively exploited Apex One RCE flaws

Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection.

1 day ago

References

https://success.trendmicro.com/en-US/solution/KA-0020652

CVSS V3.1

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-54948 : Remote Code Execution Vulnerability in Trend Micro Apex One Management Console