[Vulnerability Alert] Two Significant Security Vulnerabilities Exist in the Trend Micro Apex One Management Console

Date Posted: 2025/08/07

Subject: [Vulnerability Alert] Two Significant Security Vulnerabilities Exist in the Trend Micro Apex One Management Console

Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000002
- Apex One is a Trend Micro endpoint security solution that provides centralized management functions to effectively protect enterprise endpoints from various cybersecurity threats. Recently, Trend Micro released an advisory for two significant security vulnerabilities (CVE-2025-54948, CVSS: 9.4 and CVE-2025-54987, CVSS: 9.4), both of which are OS command injection vulnerabilities that allow pre-authenticated remote attackers to upload malicious code and execute commands.
Affected Platforms:
- Apex One (on-prem) 2019 versions prior to and including 14.0.0.14039
Recommended Action:
- Apply patches according to the solution released on the official website: https://success.trendmicro.com/en-US/solution/KA-0020652
References:
- https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html

Computer and Communications Center
Network Systems Group