Remote Code Execution Vulnerability in Trend Micro Apex One Management Console
CVE-2025-54987
What is CVE-2025-54987?
A vulnerability in the management console of Trend Micro Apex One (on-premise) could permit pre-authenticated remote attackers to upload malicious code and execute arbitrary commands on compromised installations. This flaw poses a significant risk as it allows for unauthorized access to the system's resources, potentially leading to data breaches and further exploitation. It is crucial for users of Apex One to apply the necessary updates and patches to mitigate this threat effectively.
Affected Version(s)
Trend Micro Apex One 2019 (14.0) < 14.0.0.14039
News Articles
Help Net SecurityWeek in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025 - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Hat USA 2025 Black Hat USA 2025 took place at the
Cyber Security Agency of SingaporeCritical Vulnerabilities in Trend Micro Endpoint Security Products
Trend Micro has released a mitigation tool addressing critical vulnerabilities in its endpoint security products. Users and administrators are advised to...
Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.