Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Trend Micro is urging users of the on-premises version of its Apex One endpoint security solution to install updates that patch two zero-day vulnerabilities.

An advisory published by the security firm on Tuesday warns customers that two critical vulnerabilities tracked as CVE-2025-54948 and CVE-2025-54987 have been exploited in the wild in at least one instance.

The security holes, described as OS command injection issues, impact the Apex One management console and they can be exploited by a remote, unauthenticated attacker to upload malicious code and execute commands on impacted installations.

CVE-2025-54987 is described as “essentially the same as CVE-2025-54948” but affecting a different CPU architecture.

“For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied,” Trend Micro told customers.

According ...