PT-2025-31925 · Trend Micro · Trend Micro Apex One

Jacky Hsieh

Published

2025-08-05

Updated

2025-08-06

CVE-2025-54948

Report an issue

CVSS v3.1

9.4

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions:

Trend Micro Apex One (on-premise) (affected versions not specified)

Description:

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This issue is actively exploited in the wild.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2025-54948

ZDI-25-771

Affected Products

Trend Micro Apex One

PT-2025-31925 · Trend Micro · Trend Micro Apex One

Weakness Enumeration

Related Identifiers

Affected Products

References · 17