Trend Micro has released mitigations for critical vulnerabilities in on-premise Apex One Management Console, which have been exploited in the wild. These flaws, CVE-2025-54948 and CVE-2025-54987, enable remote command injection and code execution, posing significant security risks. #CVE202554948 #CVE202554987
Keypoints
- Two critical vulnerabilities in Apex One Management Console have been identified and exploited in real-world scenarios.
- The flaws, CVE-2025-54948 and CVE-2025-54987, allow remote attackers to execute malicious code via command injection.
- Mitigations, including a fix tool, are available now, with a full patch expected in mid-August 2025.
- Using the mitigation tool will disable the Remote Install Agent function, affecting some deployment methods.
- Trend Micro advises reviewing remote access policies and ensuring perimeter security alongside prompt patch application.
Read More: https://thehackernews.com/2025/08/trend-micro-confirms-active.html