1. Home
  2. Vulnerabilities
  3. CVE-2025-54987
9.8
CRITICAL CVSS 3.1
CVE-2025-54987
Trend Micro Apex One Remote Code Execution Vulnerability
Description

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.

INFO

Published Date :

Aug. 5, 2025, 1:15 p.m.

Last Modified :

Aug. 12, 2025, 2:10 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-54987 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Trendmicro apex_one
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL [email protected]
Solution
Update Apex One management console to patch remote code execution vulnerability.
  • Update Trend Micro Apex One management console.
  • Apply vendor-provided security patches.
Public PoC/Exploit Available at Github

CVE-2025-54987 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-54987.

URL Resource
https://success.trendmicro.com/en-US/solution/KA-0020652 Patch Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-54987 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-54987 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
allinsthon/CVE-2025-54948

None

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 7, 2025, 10:25 a.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-54987 vulnerability anywhere in the article.

  • The Register
Trend Micro offers weak workaround for already-exploited critical vuln in management console

Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch ... Read more

Published Date: Aug 10, 2025 (2 weeks, 1 day ago)
  • Help Net Security
Week in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Hat USA 2025 Black Hat USA 2025 took place at the Mandalay Bay Convention Center in Las Vegas. E ... Read more

Published Date: Aug 10, 2025 (2 weeks, 2 days ago)
  • Help Net Security
Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud e ... Read more

Published Date: Aug 07, 2025 (2 weeks, 5 days ago)
  • Help Net Security
SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a sign ... Read more

Published Date: Aug 07, 2025 (2 weeks, 5 days ago)
  • Help Net Security
Energy companies are blind to thousands of exposed services

Many of America’s largest energy providers are exposed to known and exploitable vulnerabilities, and most security teams may not even see them, according to a new report from SixMap. Researchers asses ... Read more

Published Date: Aug 07, 2025 (2 weeks, 5 days ago)
  • TheCyberThrone
Trend Micro Apex One Critical Vulnerabilities

August 7, 2025OverviewIn early August 2025, Trend Micro issued an urgent security bulletin disclosing two actively exploited critical vulnerabilities in its Apex One and Apex One as a Service (on-prem ... Read more

Published Date: Aug 07, 2025 (2 weeks, 5 days ago)
  • Help Net Security
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC

Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publ ... Read more

Published Date: Aug 06, 2025 (2 weeks, 6 days ago)
  • Help Net Security
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)

Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, ... Read more

Published Date: Aug 06, 2025 (2 weeks, 6 days ago)
  • BleepingComputer
Trend Micro warns of Apex One zero-day exploited in attacks

Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. Apex One is an endpoi ... Read more

Published Date: Aug 06, 2025 (2 weeks, 6 days ago)
  • security.nl
Trend Micro waarschuwt voor actief misbruik van Apex One-lek

Antivirusbedrijf Trend Micro waarschuwt klanten voor actief misbruik van een kritieke kwetsbaarheid in endpoint security platform Apex One en heeft een tijdelijke oplossing uitgebracht om organisaties ... Read more

Published Date: Aug 06, 2025 (2 weeks, 6 days ago)
  • The Hacker News
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Aug 06, 2025Ravie LakshmananVulnerability / Endpoint Security Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it sa ... Read more

Published Date: Aug 06, 2025 (2 weeks, 6 days ago)
  • CybersecurityNews
Critical Trend Micro Apex One Management RCE Vulnerability Actively Exploited in the wild

Critical command injection remote code execution (RCE) vulnerabilities in Trend Micro Apex One Management Console are currently being actively exploited by threat actors. The company confirmed observi ... Read more

Published Date: Aug 06, 2025 (2 weeks, 6 days ago)
  • Daily CyberSecurity
Critical Command Injection Flaws in Trend Micro Apex One Actively Exploited

Trend Micro has issued an urgent advisory for two critical command injection vulnerabilities affecting its Apex One (on-prem) management console for Windows. Both vulnerabilities—CVE-2025-54948 and CV ... Read more

Published Date: Aug 05, 2025 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-54987 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Aug. 12, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration OR *cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*
    Added Reference Type Trend Micro, Inc.: https://success.trendmicro.com/en-US/solution/KA-0020652 Types: Patch, Vendor Advisory
  • New CVE Received by [email protected]

    Aug. 05, 2025

    Action Type Old Value New Value
    Added Description A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
    Added CWE CWE-78
    Added Reference https://success.trendmicro.com/en-US/solution/KA-0020652
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact