By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Computing > Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Computing

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

News Room
Last updated: 2025/08/06 at 6:51 AM
News Room Published 6 August 2025
Share
SHARE

Aug 06, 2025Ravie LakshmananVulnerability / Endpoint Security

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.

The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.

“A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations,” the cybersecurity company said in a Tuesday advisory.

While both shortcomings are essentially the same, CVE-2025-54987 targets a different CPU architecture. The Trend Micro Incident Response (IR) Team and Jacky Hsieh at CoreCloud Tech have been credited with reporting the two flaws.

Cybersecurity

There are currently no details on how the issues are being exploited in real-world attacks. Trend Micro said it “observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.”

Mitigations for Trend Micro Apex One as a Service have already been deployed as of July 31, 2025. A short-term solution for on-premise versions is available in the form of a fix tool. A formal patch for the vulnerabilities is expected to be released in mid-August 2025.

However, Trend Micro pointed out that while the tool fully protects against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. It emphasized that other agent install methods, such as UNC path or agent package, are unaffected.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” the company said. “In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Valve’s ACO Compiler Used By AMD Drivers Optimize Scheduling Heuristic For Newer GPUs
Next Article Some Sonos Roam Speakers Are Overheating, Melting the USB-C Port
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

.NET Aspire 9.4 Released with CLI GA, Interactive Dashboards, and Advanced Deployment Features
News
Unusual Food Pairings That Surprisingly Work
Gadget
Nvidia rejects US demand for backdoors in AI chips
News
Creating a Brand Mood Board that Drives All Future Design Decisions
Computing

You Might also Like

Computing

Creating a Brand Mood Board that Drives All Future Design Decisions

12 Min Read
Computing

Linux 6.17 Fixes A Performance Bottleneck In The Futex Code

1 Min Read
Computing

103 ByteDance employees dismissed for corruption and other misconduct · TechNode

1 Min Read
Computing

Naima McLean at ALX, leading Africa’s creative tech economy

8 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?