Cybersecurity firm Trend Micro has warned customers that attackers are actively targeting critical vulnerabilities in on-premises Apex One Management Consoles.

The vulnerabilities, CVE-2025-54948 and CVE-2025-54987, were disclosed in a critical security bulletin on August 5. They affect Trend Micro Apex One (on-prem) machines running Management Server Version 14039 and below.

The remote code execution (RCE) flaws can enable a pre-authenticated attacker to upload malicious code and execute commands on affected installations.

The two vulnerabilities are essentially the same but target a different CPU architecture on Apex One, Trend Micro wrote.

Both vulnerabilities have been given a critical CVE rating of 9.4.

“Trend Micro has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild,” the company warned.

Temporary Fix Available, Formal Patch to Follow

Trend Micro has released a mitigation tool to enable customers to protect against exploitation.

However, this is only a short-term fix. A more formal critical patch for Apex One is expected to be released around mid-August 2025.

“The fix tool listed in this bulletin is a short-term mitigation, and while it will fully protect against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console,” the company noted.

Trend Micro also notified customers that a key backend certificate in Apex One will be updated near the end of September 2025. As a result, several on-premises products will need to be at a minimum version to prevent issues with updates.

As exploitation of the two vulnerabilities generally requires an attacker to gain physical or remote access to a vulnerable machine, Trend Micro advised customers to undertake additional mitigation measures alongside applying the temporary fix.

  • Review remote access to critical systems
  • Ensure policies and perimeter security are up to date
  • Customers that have their console’s IP address exposed externally should consider mitigation factors such as source restrictions

Trend Micro acknowledged the work of its incident response team and Jacky Hsieh, senior researcher at CoreCloud Tech, for discovering and responsibly disclosing the vulnerabilities.
