Trend Micro urges users of Apex One to update their systems to fix two critical zero-day vulnerabilities that have been exploited in the wild. These vulnerabilities, CVE-2025-54948 and CVE-2025-54987, involve OS command injection and can allow remote attackers to execute malicious code. #TrendMicro #ApexOne #ZeroDayVulnerabilities
Keypoints
- Two zero-day vulnerabilities have been exploited in the wild affecting Trend Micro Apex One.
- The vulnerabilities are OS command injection flaws in the Apex One management console.
- An attacker needs access to the management console to exploit CVE-2025-54987.
- Trend Micro released patches after being informed of the vulnerabilities in August.
- Chinese threat actors are suspected to be behind the exploitation of these vulnerabilities.
Read More: https://www.securityweek.com/trend-micro-patches-apex-one-vulnerabilities-exploited-in-wild/