Remote Code Execution Vulnerability in Trend Micro Apex One Management Console

CVE-2025-54987

What is CVE-2025-54987?

A vulnerability in the management console of Trend Micro Apex One (on-premise) could permit pre-authenticated remote attackers to upload malicious code and execute arbitrary commands on compromised installations. This flaw poses a significant risk as it allows for unauthorized access to the system's resources, potentially leading to data breaches and further exploitation. It is crucial for users of Apex One to apply the necessary updates and patches to mitigate this threat effectively.

News Articles

Cyber Security Agency of Singapore

CVE-2025-54948CVE-2025-54987

Critical Vulnerabilities in Trend Micro Endpoint Security Products

Trend Micro has released a mitigation tool addressing critical vulnerabilities in its endpoint security products. Users and administrators are advised to...

19 hours ago

CVE-2025-54948CVE-2025-54987

Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw

Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.

1 day ago

Security Affairs

CVE-2025-54948CVE-2025-54987

Trend Micro fixes two actively exploited Apex One RCE flaws

Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection.

1 day ago

More News...

References