Trend Micro tells users to patch immediately to protect from Apex One zero-day


  • Trend Micro warns its customers about a critical-severity flaw in its endpoint protection solution
  • It released a mitigation as it works on a patch
  • Users are advised to apply the mitigations as soon as possible

Trend Micro is warning customers of an ongoing attack which abuses a critical severity vulnerability in one of its products.

The company said it recently discovered a command injection vulnerability in its on-prem version of the Apex One Management Console - an advanced endpoint security solution designed to protect enterprise networks from a wide range of threats.

The vulnerability is tracked as either CVE-2025-54948, or CVE-2025-54987, depending on the CPU architecture, and was assigned a severity score of 9.4/10 (critical). It allows threat actors to remotely run arbitrary code, including malware.

Working on a patch

Trend Micro said it aims to release a patch in mid-August 2025, which should also restore the Remote Install Agent function that the interim mitigation disables.

"For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied," the company said.

"However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible."

So far, the company has seen at least one attack taking place in the wild, although it did not detail where, against whom, if it was effective, or who the threat actors are.

Since Apex One is mostly used in enterprise environments, and the bug allows remote code execution, it is safe to assume miscreants are using it to drop infostealers and ransomware encryptors, while stealing sensitive files for extortion.

With the flaws now being abused in the wild, Trend Micro released a mitigation measure to help defend its customers as it works on a patch. The mitigation, according to the Japanese CERT, prevents admins from using the Remote Install Agent function to deploy agents from the console.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
