CVE-2025-54948
Trend Micro Apex One OS Command Injection Vulnerability - [Actively Exploited]
Description
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
INFO
Published Date :
Aug. 5, 2025, 1:15 p.m.
Last Modified :
Aug. 19, 2025, 1 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS 3.1 | CRITICAL | [email protected] | ||||
CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Apply the latest security patches and updates from Trend Micro.
- Ensure the management console is protected and access is restricted.
Public PoC/Exploit Available at Github
CVE-2025-54948 has a 4 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-54948
.
URL | Resource |
---|---|
https://success.trendmicro.com/en-US/solution/KA-0020652 | Patch Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-54948
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-54948
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
None
Python
CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.
Python
List of real-world threats against endpoint protection software
antivirus security incidents exploits vulnerability endpoint-protection
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-54948
vulnerability anywhere in the article.

-
Daily CyberSecurity
Awe Dropping: Apple Announces September 9 Event, Teasing a Groundbreaking Design
Apple has officially confirmed that it will host its autumn launch event on September 9 at 10:00 a.m. (Pacific Time) at its Cupertino headquarters. The event will carry the theme “Awe dropping,” hinti ... Read more

-
CybersecurityNews
CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks
CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild. The v ... Read more

-
Daily CyberSecurity
CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability—CVE-2025-54948—to its Known Exploited Vulnerabilities (KEV) Catalog, citing evi ... Read more

-
security.nl
Trend Micro dicht actief aangevallen kwetsbaarheid in Apex One-platform
Trend Micro heeft een actief aangevallen kwetsbaarheid in endpoint security platform Apex One gedicht. Het securitybedrijf kwam op 5 augustus al met een waarschuwing voor het probleem, aangeduid als C ... Read more

-
The Register
Trend Micro offers weak workaround for already-exploited critical vuln in management console
Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch ... Read more

-
Help Net Security
Week in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Hat USA 2025 Black Hat USA 2025 took place at the Mandalay Bay Convention Center in Las Vegas. E ... Read more

-
Help Net Security
Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud e ... Read more

-
Help Net Security
SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls
Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a sign ... Read more

-
Help Net Security
Energy companies are blind to thousands of exposed services
Many of America’s largest energy providers are exposed to known and exploitable vulnerabilities, and most security teams may not even see them, according to a new report from SixMap. Researchers asses ... Read more

-
TheCyberThrone
Trend Micro Apex One Critical Vulnerabilities
August 7, 2025OverviewIn early August 2025, Trend Micro issued an urgent security bulletin disclosing two actively exploited critical vulnerabilities in its Apex One and Apex One as a Service (on-prem ... Read more

-
Help Net Security
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC
Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publ ... Read more

-
Help Net Security
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)
Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, ... Read more

-
BleepingComputer
Trend Micro warns of Apex One zero-day exploited in attacks
Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. Apex One is an endpoi ... Read more

-
security.nl
Trend Micro waarschuwt voor actief misbruik van Apex One-lek
Antivirusbedrijf Trend Micro waarschuwt klanten voor actief misbruik van een kritieke kwetsbaarheid in endpoint security platform Apex One en heeft een tijdelijke oplossing uitgebracht om organisaties ... Read more

-
The Hacker News
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Aug 06, 2025Ravie LakshmananVulnerability / Endpoint Security Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it sa ... Read more

-
CybersecurityNews
Critical Trend Micro Apex One Management RCE Vulnerability Actively Exploited in the wild
Critical command injection remote code execution (RCE) vulnerabilities in Trend Micro Apex One Management Console are currently being actively exploited by threat actors. The company confirmed observi ... Read more

-
Daily CyberSecurity
Critical Command Injection Flaws in Trend Micro Apex One Actively Exploited
Trend Micro has issued an urgent advisory for two critical command injection vulnerabilities affecting its Apex One (on-prem) management console for Windows. Both vulnerabilities—CVE-2025-54948 and CV ... Read more
The following table lists the changes that have been made to the
CVE-2025-54948
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Aug. 19, 2025
Action Type Old Value New Value Added Date Added 2025-08-18 Added Due Date 2025-09-08 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Trend Micro Apex One OS Command Injection Vulnerability -
Initial Analysis by [email protected]
Aug. 12, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:* Added Reference Type Trend Micro, Inc.: https://success.trendmicro.com/en-US/solution/KA-0020652 Types: Patch, Vendor Advisory -
New CVE Received by [email protected]
Aug. 05, 2025
Action Type Old Value New Value Added Description A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H Added CWE CWE-78 Added Reference https://success.trendmicro.com/en-US/solution/KA-0020652