CVE-2025-54987

Published Aug 5, 2025

Last updated 7 months ago

CVSS critical 9.4
Trend Micro Apex One

Overview

Description
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
Source
security@trendmicro.com
NVD status
Analyzed
Products
apex_one

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@trendmicro.com
CWE-78

Social media

Hype score
Not currently trending

  1. Trend Micro Apex One の脆弱性(CVSS3.0スコア9.4緊急)。先週?だったかIPAもメールで緊急パッチの注意喚起してましたが、8/18に正式パッチリリースされてますね。お仕事早くて良いですね。オンプレ版Apexone お使い

    @ymgcakr_

    20 Aug 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Trend Microが悪用を観測したと報告し、CISAが既知の脆弱性カタログに登録しました。 CVE-2025-54948、CVE-2025-54987 対象製品: Trend Micro Apex One 管理コンソールのコマンドインジェクション脆弱性。未認証のリモート攻

    @t_nihonmatsu

    19 Aug 2025

    244 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. トレンドマイクロ株式会社    【注意喚起】弊社エンドポイント製品の脆弱性を悪用した攻撃を確認したことによる対応のお願い(CVE-2025-54948,CVE-2025-54987)    https://t.co/88amcizZUC

    @tarenyanco_10

    18 Aug 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. (CVE-2025-54948、CVE-2025-54987)の対応パッチがリリースされた模様。 https://t.co/Is2s0DkslC

    @MrGensui56

    18 Aug 2025

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. トレンドマイクロ Apex Oneで複数の脆弱性-サイバー攻撃への悪用を確認(CVE-2025-54948,CVE-2025-54987) #セキュリティ対策Lab #セキュリティ #Security https://t.co/aIBreX26Uf

    @securityLab_jp

    12 Aug 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/oXgLWcjQlZ https://t.co/sjHN44YYJR

    @IT_Peurico

    12 Aug 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/ApNjRwV7f5 https://t.co/pBdLfXs6jB

    @ggrubamn

    12 Aug 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/rM4qLCZcG2 https://t.co/MarVUtm2d7

    @dansantanna

    12 Aug 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2025-54987 y CVE-2025-54948 vulnerabilidades de inyección de comandos que afectan a la consola de administración de Trend Micro Apex One. Un atacante no autenticado con acceso físico o de red a un equipo vulnerable puede cargar archivos arbitrarios https://t.co/GN60g

    @ciberseguridadx

    11 Aug 2025

    50 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Critical Flaws in Trend Micro Apex One Exploited in the Wild! Two high-severity RCE vulns (CVE-2025-54948 & CVE-2025-54987) under active attack. Patches coming mid-August—apply mitigations now! #TrendMicro #CyberAttack https://t.co/WmTIWGshQL

    @CyberWolfGuard

    10 Aug 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-54987 (CVSS:9.4, CRITICAL) is Awaiting Analysis. A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker ..https://t.co/Qg2ALiJU4b #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    10 Aug 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/EPhSh7pecS https://t.co/oK58vMKObJ

    @TechMash365

    9 Aug 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨🚨Two critical flaws in Trend Micro Apex One (on-prem) management console. Remote attackers can exploit pre-auth RCE, upload malicious code, and take full control. CVE-2025-54948: Hits one CPU arch hard. CVE-2025-54987: Basically the evil twin for a different CPU setup. htt

    @zoomeye_team

    8 Aug 2025

    947 Impressions

    3 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system. https://t.co/nXPKboPPQN https://t.co/2Wdb4p9uXw

    @riskigy

    7 Aug 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/I2LOfBi6At https://t.co/bpAnK9YgWY

    @Trej0Jass

    7 Aug 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/L8VWCtSPF1 https://t.co/9uyzoSvlRq

    @Art_Capella

    7 Aug 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild https://t.co/Oo7QWbYsk4 https://t.co/df0CeqJ6JP

    @pcasano

    7 Aug 2025

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 💡マイクロソフト、マルウェアの自動分類にAIツールを活用する「Project Ire」を発表 🚨Trend Micro Apex Oneの脆弱性が悪用される(CVE-2025-54948、CVE-2025-54987) 〜サイバーアラート8月7日〜 https://t.co/BXtTOnAeph #セキ

    @MachinaRecord

    7 Aug 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Breaking: Hackers exploit zero-day flaws in Trend Micro Apex One (CVE-2025-54948 & CVE-2025-54987), possibly linked to Chinese threat actors. If you use this endpoint security tool, patch NOW to avoid command injection attacks! #CyberSecurity #ZeroDay https://t.co/mCSDxQ

    @SecurityHelpAi

    6 Aug 2025

    69 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. #TrendMicro ha publicado mitigaciones para abordar fallas de seguridad críticas en las versiones locales de Apex One Management Console que, según afirma, han sido explotadas de forma activa. CVE-2025-54948 y CVE-2025-54987 #2025 #Infosed #BT https://t.co/fQIGFZKCrb

    @BrierandThornMX

    6 Aug 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. ⚠️Vulnerabilidades en los productos de Trend Micro ❗CVE-2025-54948 ❗CVE-2025-54987 ➡️Más info: https://t.co/sbe92Qtr3Z https://t.co/qYsEv59nWt

    @CERTpy

    6 Aug 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Trend Micro Apex One : l'éditeur confirme de multiples exploitations des CVE-2025-54948 et CVE-2025-54987 (CVSS 9.4) qui permettent à un attaquant pré-authentifié de téléverser et d'exécuter du code arbitraire à distance. Un contournement est à appliquer. https://t.co/5A

    @cert_ist

    6 Aug 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Trend Micro warns of Apex One zero-day exploited in attacks Trend Micro has warned of an actively exploited remote code execution vulnerability in its Apex One endpoint security platform, tracked as CVE-2025-54948 and CVE-2025-54987. The flaw stems from a command injection issue

    @dCypherIO

    6 Aug 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) https://t.co/vQySu93kfQ #HelpNetSecurity #Cybersecurity https://t.co/lN5OEm9T4d

    @PoseidonTPA

    6 Aug 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Trend Micro confirms active exploitation of critical Apex One flaws CVE-2025-54948 and CVE-2025-54987 in on-premise systems. Mitigations are available now; full patch expected mid-August 2025. #Vulnerability #SecurityJapan #ThreatIntel https://t.co/oCvsOuXwNM

    @TweetThreatNews

    6 Aug 2025

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login. Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem. Admins, patch fast — remote code execution is on the table. https://t.co/l34rnp3bC3

    @Hackerslord_24

    6 Aug 2025

    97 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. #TrendMicro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) https://t.co/7ep6Pknmzi https://t.co/FsemCRuP9M

    @evanderburg

    6 Aug 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login. Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem. Admins, patch fast — remote code execution is on the table. what you need to know https://t.co/wAFjWO

    @Emmythetechs

    6 Aug 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 📌 أعلنت شركة Trend Micro عن استغلال نشط لثغرات حرجة في أنظمة Apex One المحلية. أصدرت الشركة تدابير تصحيحية للثغرات (CVE-2025-54948 وCVE-2025-54987) التي تم تصنيفها بـ 9.4 على نظا

    @Cybercachear

    6 Aug 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login. Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem. Admins, patch fast — remote code execution is on the table. Here’s what you need to know ↓ http

    @TheHackersNews

    6 Aug 2025

    12567 Impressions

    37 Retweets

    81 Likes

    14 Bookmarks

    1 Reply

    2 Quotes

  31. 【ApexOneの緊急脆弱性、攻撃で悪用済】 Apex Oneで確認された管理コンソールに対するコマンドインジェクションによるリモートコード実行の脆弱性(CVE-2025-54948, CVE-2025-54987) → https://t.co/P8Yqo7w7Hw > 注意:トレ

    @ripjyr

    6 Aug 2025

    371 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🔴 CVE-2025-54948 & CVE-2025-54987: Trend Micro Apex One, Management Console Command Injection RCE Vulnerability (pre-authenticated). "Trend Micro has observed as least one instance of an attempt to actively exploit one of these vulnerabilities in the wild." [+] https:/

    @1ZRR4H

    5 Aug 2025

    3074 Impressions

    12 Retweets

    26 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  33. CVE-2025-54987 A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands … https://t.co/GyznHYfNSR

    @CVEnew

    5 Aug 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Exploited in the wild: 🟥 CVE-2025-54948 and CVE-2025-54987, CVSS: 9.4 (#Critical) Trend Micro Apex One (on-premise) version 2019 Management Server. Vulnerabilities allow pre-authenticated remote attackers to upload malicious code and execute commands. FixTool_Aug2025 htt

    @UjlakiMarci

    5 Aug 2025

    327 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. [CVE-2025-54987: CRITICAL] Critical vulnerability identified in Trend Micro Apex One management console allows remote attacker to upload malicious code and execute commands on affected systems, affecting a n...#cve,CVE-2025-54987,#cybersecurity https://t.co/5ynYgItKsH https://t.c

    @CveFindCom

    5 Aug 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Trend Micro Apex One OS Command Injection VulnerabilityCVE-2025-54948
  2. An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.CVE-2025-49155
  3. A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2025-49157
  4. An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2025-49158
  5. A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2025-49156

References

Sources include official advisories and independent security research.