[Vulnerability Alert] Two Significant Security Vulnerabilities Exist in the Trend Micro Apex One Management Console

• Subject: [Vulnerability Alert] Two Significant Security Vulnerabilities Exist in the Trend Micro Apex One Management Console

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000002
  • Apex One is a Trend Micro endpoint security solution that provides centralized management functions to effectively protect enterprise endpoints from various cybersecurity threats. Recently, Trend Micro released an advisory for two significant security vulnerabilities (CVE-2025-54948, CVSS: 9.4 and CVE-2025-54987, CVSS: 9.4), both of which are OS command injection vulnerabilities that allow pre-authenticated remote attackers to upload malicious code and execute commands.
• Affected Platforms:
  • Apex One (on-prem) 2019 versions prior to and including 14.0.0.14039
• Recommended Action:
  • Apply patches according to the solution released on the official website: https://success.trendmicro.com/en-US/solution/KA-0020652
• References:
  • https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html

Computer and Communications Center
Network Systems Group