CVE-2025-54948
Published Aug 5, 2025
Last updated a month ago
AI description
CVE-2025-54948 is a command injection vulnerability that affects the on-premise version of Trend Micro Apex One. It exists within the Apex One management console, which listens on TCP ports 8080 and 4343 by default. The vulnerability stems from the lack of proper validation of a user-supplied string before using it to execute a system call. A pre-authenticated remote attacker could exploit this vulnerability to upload malicious code and execute commands on affected installations. This could allow an attacker to execute code in the context of IUSR. Trend Micro has observed attempts to actively exploit this vulnerability in the wild. A temporary fix is available, and a formal patch is expected in mid-August 2025.
- Description
- A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
- Source
- security@trendmicro.com
- NVD status
- Analyzed
- Products
- apex_one
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Trend Micro Apex One OS Command Injection Vulnerability
- Exploit added on
- Aug 18, 2025
- Exploit action due
- Sep 8, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security@trendmicro.com
- CWE-78
- Hype score
- Not currently trending
CVE-2025-54948 Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
@ZeroDayFacts
9 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-33073 2 - CVE-2023-50428 3 - CVE-2024-30088 4 - CVE-2025-42957 5 - CVE-2025-54948 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
8 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has flagged a serious vulnerability in Trend Micro Apex One (CVE-2025-54948) as actively exploited, urging immediate remediation. #CISA #CyberAlert #Vulnerability https://t.co/tOmoT668G7
@DailyDataDosee
23 Aug 2025
257 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Threat Advisory: Critical CVE-2025-54948 flaw in Trend Micro Apex One under active exploitation. Attackers gain admin access, disable security controls & may deploy ransomware org-wide. At Risk: Organizations running Apex One without latest patch. Act now. https://t.co/i
@sequretek_sqtk
22 Aug 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro Apex Oneの重大な脆弱性(CVE-2025-54948)がCISA「KEV」に追加-実際に悪用される可能性 #セキュリティ対策Lab #セキュリティ #Security https://t.co/yeMBLTai36
@securityLab_jp
21 Aug 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro Apex One の脆弱性(CVSS3.0スコア9.4緊急)。先週?だったかIPAもメールで緊急パッチの注意喚起してましたが、8/18に正式パッチリリースされてますね。お仕事早くて良いですね。オンプレ版Apexone お使い
@ymgcakr_
20 Aug 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-54948
@transilienceai
20 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The U.S. CISA added Trend Micro Apex One CVE-2025-54948 to its Known Exploited Vulnerabilities list due to active remote code execution exploits. Patches expected by mid-August 2025. #TrendMicro #CISA #USA https://t.co/fh9E7acrGh
@TweetThreatNews
19 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Trend Micro Apex One OS Command Injection – CVE-2025-54948 (CVSS 9.4) allows unauthenticated RCE via mgmt console ports 8080/4343. Exploitation confirmed. Patch to SP1 CP B14081+ or use FixTool_Aug2025. #ThreatIntel #RedL... https://t.co/os9T4BY9Wy
@RedLegg
19 Aug 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. #cybersecurity https://t.co/FjBbM3dJD8
@cybertzar
19 Aug 2025
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Trend Microが悪用を観測したと報告し、CISAが既知の脆弱性カタログに登録しました。 CVE-2025-54948、CVE-2025-54987 対象製品: Trend Micro Apex One 管理コンソールのコマンドインジェクション脆弱性。未認証のリモート攻
@t_nihonmatsu
19 Aug 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
更新:Trend Micro 製品の脆弱性対策について(CVE-2025-54948等) https://t.co/kAyrBwg1st
@ICATalerts
19 Aug 2025
4186 Impressions
10 Retweets
12 Likes
0 Bookmarks
0 Replies
2 Quotes
Trend Micro 製品の脆弱性対策について(CVE-2025-54948等) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構 https://t.co/c5aH2TYvCZ
@fyi787
19 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💻 CISA just added a new vulnerability to its list: CVE-2025-54948 is injecting chaos into Trend Micro Apex One! Time to patch up before the cyber gremlins throw a party in your console! #CyberSecurity #WindowsForum #PatchYourStuff https://t.co/yfQw0qfngi
@windowsforum
18 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA flagged a critical Trend Micro Apex One flaw (CVE-2025-54948) as actively exploited. Hackers are using LLMs to craft stealthy trojans, while ransomware hit manufacturing hardest—65% of Q2 cases. #CyberSecurity #LLM #ransomwareattack https://t.co/k9dUPVRzDq
@DailyDataDosee
18 Aug 2025
53 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added Trend Micro Apex One OS command injection vulnerability CVE-2025-54948 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwapzIN & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/9iX8DFvgpN
@CISACyber
18 Aug 2025
9993 Impressions
41 Retweets
82 Likes
3 Bookmarks
3 Replies
2 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-54948 Trend Micro Apex One OS Command Injection Vulnerability https://t.co/qWUpdfrSIG
@ScyScan
18 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
トレンドマイクロ株式会社 【注意喚起】弊社エンドポイント製品の脆弱性を悪用した攻撃を確認したことによる対応のお願い(CVE-2025-54948,CVE-2025-54987) https://t.co/88amcizZUC
@tarenyanco_10
18 Aug 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2025-54948、CVE-2025-54987)の対応パッチがリリースされた模様。 https://t.co/Is2s0DkslC
@MrGensui56
18 Aug 2025
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-54948
@transilienceai
17 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-54948
@transilienceai
16 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 New Templates Bounty Issue 💰 CVE-2025-54948 - Trend Micro Apex One - Command Injection 💰 👾 Issue: https://t.co/nfXzJhZ4Ig #bugbounty #NucleiTemplates #cve #opensource
@pdnuclei
13 Aug 2025
1133 Impressions
4 Retweets
14 Likes
4 Bookmarks
0 Replies
0 Quotes
トレンドマイクロ Apex Oneで複数の脆弱性-サイバー攻撃への悪用を確認(CVE-2025-54948,CVE-2025-54987) #セキュリティ対策Lab #セキュリティ #Security https://t.co/aIBreX26Uf
@securityLab_jp
12 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/oXgLWcjQlZ https://t.co/sjHN44YYJR
@IT_Peurico
12 Aug 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/ApNjRwV7f5 https://t.co/pBdLfXs6jB
@ggrubamn
12 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/rM4qLCZcG2 https://t.co/MarVUtm2d7
@dansantanna
12 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-54948
@transilienceai
12 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-54987 y CVE-2025-54948 vulnerabilidades de inyección de comandos que afectan a la consola de administración de Trend Micro Apex One. Un atacante no autenticado con acceso físico o de red a un equipo vulnerable puede cargar archivos arbitrarios https://t.co/GN60g
@ciberseguridadx
11 Aug 2025
50 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Flaws in Trend Micro Apex One Exploited in the Wild! Two high-severity RCE vulns (CVE-2025-54948 & CVE-2025-54987) under active attack. Patches coming mid-August—apply mitigations now! #TrendMicro #CyberAttack https://t.co/WmTIWGshQL
@CyberWolfGuard
10 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54948 (CVSS:9.4, CRITICAL) is Awaiting Analysis. A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker ..https://t.co/SZASDimsKe #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
10 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-54948
@transilienceai
10 Aug 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/EPhSh7pecS https://t.co/oK58vMKObJ
@TechMash365
9 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Two critical flaws in Trend Micro Apex One (on-prem) management console. Remote attackers can exploit pre-auth RCE, upload malicious code, and take full control. CVE-2025-54948: Hits one CPU arch hard. CVE-2025-54987: Basically the evil twin for a different CPU setup. htt
@zoomeye_team
8 Aug 2025
947 Impressions
3 Retweets
8 Likes
2 Bookmarks
0 Replies
0 Quotes
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system. https://t.co/nXPKboPPQN https://t.co/2Wdb4p9uXw
@riskigy
7 Aug 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/I2LOfBi6At https://t.co/bpAnK9YgWY
@Trej0Jass
7 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/L8VWCtSPF1 https://t.co/9uyzoSvlRq
@Art_Capella
7 Aug 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro 製品の脆弱性対策について(CVE-2025-54948等) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構 https://t.co/c5aH2TYvCZ
@fyi787
7 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro 製品の脆弱性対策について(CVE-2025-54948等) https://t.co/kAyrBwg1st
@ICATalerts
7 Aug 2025
4289 Impressions
17 Retweets
9 Likes
1 Bookmark
0 Replies
2 Quotes
IPA 重要 | Trend Micro 製品の脆弱性対策について(CVE-2025-54948等) https://t.co/e5RHnISa4J #itsec_jp
@itsec_jp
7 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/Oo7QWbYsk4 https://t.co/df0CeqJ6JP
@pcasano
7 Aug 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💡マイクロソフト、マルウェアの自動分類にAIツールを活用する「Project Ire」を発表 🚨Trend Micro Apex Oneの脆弱性が悪用される(CVE-2025-54948、CVE-2025-54987) 〜サイバーアラート8月7日〜 https://t.co/BXtTOnAeph #セキ
@MachinaRecord
7 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: Hackers exploit zero-day flaws in Trend Micro Apex One (CVE-2025-54948 & CVE-2025-54987), possibly linked to Chinese threat actors. If you use this endpoint security tool, patch NOW to avoid command injection attacks! #CyberSecurity #ZeroDay https://t.co/mCSDxQ
@SecurityHelpAi
6 Aug 2025
69 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#TrendMicro ha publicado mitigaciones para abordar fallas de seguridad críticas en las versiones locales de Apex One Management Console que, según afirma, han sido explotadas de forma activa. CVE-2025-54948 y CVE-2025-54987 #2025 #Infosed #BT https://t.co/fQIGFZKCrb
@BrierandThornMX
6 Aug 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en los productos de Trend Micro ❗CVE-2025-54948 ❗CVE-2025-54987 ➡️Más info: https://t.co/sbe92Qtr3Z https://t.co/qYsEv59nWt
@CERTpy
6 Aug 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro Apex One : l'éditeur confirme de multiples exploitations des CVE-2025-54948 et CVE-2025-54987 (CVSS 9.4) qui permettent à un attaquant pré-authentifié de téléverser et d'exécuter du code arbitraire à distance. Un contournement est à appliquer. https://t.co/5A
@cert_ist
6 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro warns of Apex One zero-day exploited in attacks Trend Micro has warned of an actively exploited remote code execution vulnerability in its Apex One endpoint security platform, tracked as CVE-2025-54948 and CVE-2025-54987. The flaw stems from a command injection issue
@dCypherIO
6 Aug 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) https://t.co/vQySu93kfQ #HelpNetSecurity #Cybersecurity https://t.co/lN5OEm9T4d
@PoseidonTPA
6 Aug 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro confirms active exploitation of critical Apex One flaws CVE-2025-54948 and CVE-2025-54987 in on-premise systems. Mitigations are available now; full patch expected mid-August 2025. #Vulnerability #SecurityJapan #ThreatIntel https://t.co/oCvsOuXwNM
@TweetThreatNews
6 Aug 2025
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro warns of active exploitation of a zero-day in Apex One (CVE-2025-54948/54987) via command injection in the Management Console. Immediate mitigation is available before patches in mid-August 2025. #ApexOne #ZeroDay #Australia https://t.co/dHDQO26Jet
@TweetThreatNews
6 Aug 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login. Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem. Admins, patch fast — remote code execution is on the table. https://t.co/l34rnp3bC3
@Hackerslord_24
6 Aug 2025
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
],
"operator": "OR"
}
]
}
]