Trend Micro has confirmed active exploitation of critical vulnerabilities in its on-premise Apex One Management Console. The company has published mitigations for the two vulnerabilities, tracked as CVE-2025-54948 and CVE-2025-54987. Both carry a critical rating of 9.4 on the Common Vulnerability Scoring System (CVSS), reflecting the damage they could cause.
CVE-2025-54948 is described as a management console command injection vulnerability, while CVE-2025-54987 is a remote code execution vulnerability. The cyber security firm stated that hackers have already taken advantage of these vulnerabilities in the wild. This development is troubling news for anyone running the affected software.
Details of the Vulnerabilities
CVE-2025-54948 stems from improper input validation in the console management backend. The flaw allows a remote, unauthenticated attacker to gain access to the management console interface. They can then use that access to craft malicious payloads that inject operating system commands. These payloads result in unauthenticated remote code execution on vulnerable systems.
CVE-2025-54987 is another critical security risk. This weakness lets a pre-authenticated adversary inject hostile code. They can then run commands on installations of the Apex One Management Console.
“A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations,” – Trend Micro
Mitigation and Future Patches
In response to these vulnerabilities, Trend Micro has offered mitigations to help reduce the risk of exploitation. The tech giant urges all users to stay alert and take these precautions as soon as possible. A formal patch for both vulnerabilities is expected to be available in the third week of August 2025.
Trend Micro recommends immediate application of any available patches and encourages customers to re-evaluate their remote access practices. The firm suggests keeping policies and perimeter security protocols up to date and working efficiently.
“In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,” – Trend Micro
Active Exploitation Concerns
Active exploitation remains a major concern. Customers of the Apex One Management Console should apply the mitigations without delay. Trend Micro notes that attackers typically require physical or remote access to an exploitable machine to leverage such vulnerabilities. This requirement underscores the need to protect local and remote systems alike.
“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” – Trend Micro