Trend Micro Apex One Hit by Actively Exploited RCE Vulnerability
gbhackersTrend Micro has issued an urgent security bulletin warning customers of critical remote code execution vulnerabilities in its Apex One on-premise management console that are being actively exploited by attackers in the wild.
The cybersecurity company disclosed two command injection flaws on August 5, 2025, both carrying a maximum CVSS score of 9.4, indicating the severity of the threat to enterprise networks worldwide.
Critical Vulnerabilities Under Active Attack
The security flaws, tracked as CVE-2025-54948 and CVE-2025-54987, affect the Trend Micro Apex One Management Console running on Windows systems.
Both vulnerabilities stem from command injection weaknesses that allow pre-authenticated remote attackers to upload malicious code and execute arbitrary commands on affected installations.
The company confirmed that at least one instance of active exploitation has been observed, elevating the urgency for immediate protective measures.
These vulnerabilities specifically target Trend Micro Apex One 2019 Management Server Version 14039 and below.
| CVE ID ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE