BeyondMachines :verified:@beyondmachines1@infosec.exchange
Critical flaws in Trend Micro Apex One Management Console actively exploited
Trend Micro issued an emergency bulletin for two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987, CVSS 9.4) in its Apex One endpoint security platform that allow pre-authenticated attackers to execute malicious code and are being actively exploited in the wild.
If you're running on-premise Trend Micro Apex One 2019 (version 14039 or below), immediately download and run the "FixTool_Aug2025" mitigation tool. Your Apex One console is actively exploited. Then reach-out to Trend Micro for a patch and apply it as soon as it's available.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flaws-in-trend-micro-apex-one-management-console-actively-exploited-g-6-b-0-p/gD2P6Ple2L