CVE-2025-54948 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-05

Added to CISA KEV: 2025-08-18 13 DAYS BETWEEN CVE AND KEV

IMMEDIATE: Apply security patches to all Trend Micro Apex One installations (upgrade to 14.0.0.14039 or later)
URGENT: Isolate or restrict network access to Apex One management consoles until patched
Monitor for indicators of compromise including unauthorized file uploads, suspicious command execution, and unusual administrative activities
Implement network segmentation to limit management console exposure
Review access logs for evidence of exploitation attempts

ITW CRITICAL SECURITY BULLETIN: Trend Micro Apex One (On-Premise ...
This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. Mitigating Factors. Exploiting these type of ...
CVE-2025-54948 | Tenable®
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code ...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability ...
The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant risks to organizations running on-premise installations of the enterprise security platform. Key Takeaways 1. CISA confirms CVE-2025-54948 attacks on Trend Micro Apex One.
CVE-2025-54948 & CVE-2025-54987 | Arctic Wolf
Both stem from a command injection issue that allows unauthenticated, remote threat actors to execute arbitrary code on vulnerable systems.

🔴 CVE-2025-54948