Trend Micro has recently confirmed the discovery and active exploitation of two critical vulnerabilities in the on-premise editions of its Apex One Management Console. These vulnerabilities, catalogued as CVE-2025-54948 and CVE-2025-54987, each carry a severity score of 9.4 out of 10 on the CVSS scale, indicating a significant risk to affected organizations.
Vulnerability Details and Exploitation Landscape
Both identified flaws involve command injection and remote code execution weaknesses within the management console. An attacker with no prior authentication can exploit these vulnerabilities to upload and execute malicious code on compromised systems. While the nature of the vulnerabilities is fundamentally similar, each targets distinct CPU architectures, expanding the range of potentially at-risk deployments.
Trend Micro has acknowledged that the vulnerabilities are being actively targeted, with confirmed unauthorized exploitation attempts observed in real-world environments. However, finer details regarding the methodologies or specific indicators of compromise associated with these attacks have not yet been made public.
Mitigation Measures and Timelines
In response to these threats, Trend Micro rolled out mitigations for its Apex One as a Service platform on July 31, 2025. For organizations utilizing on-premise versions of the solution, the company has provided a temporary fix. This fix effectively blocks exploitation attempts but also disables the Remote Install Agent function within the management console. Notably, alternative agent installation methods remain unaffected, ensuring that organizations can continue to deploy new endpoints securely.
A full, formal patch addressing both vulnerabilities is scheduled for release in mid-August 2025. Until then, Trend Micro strongly advises users of impacted on-premise systems to apply the available temporary fix and review their network’s remote access policies.
Security Recommendations
In the face of ongoing exploitation, Trend Micro urges all organizations to:
- Promptly apply the latest updates, mitigations, and fixes as they become available.
- Tighten remote access controls to limit exposure.
- Regularly review and update security policies, especially those governing administrative interfaces.
- Restrict both physical and remote access to critical management consoles wherever possible.
