CVE-2025-54948: Trend Micro Apex One OS Command Injection Vulnerability

Published Aug 5, 2025
·
Updated

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Affected Software

3 affected components
Trend Micro Apex One
trendmicro Apex One Windows=2019
Trend Micro Apex One

Remediation

Patch Available

https://success.trendmicro.com/en-US/solution/KA-0020652

Information

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Event History

Dec 4, 2023
News Published
06:01 AM
Dec 18, 2023
News Published
02:25 AM
Jan 15, 2024
News Published
03:34 PM
Apr 29, 2024
News Published
02:29 AM
May 6, 2024
News Published
02:30 AM
May 13, 2024
News Published
02:21 AM
Jun 3, 2024
News Published
12:02 PM
Jul 1, 2024
News Published
03:35 AM
Jul 22, 2024
News Published
03:44 AM
Sep 30, 2024
News Published
03:02 AM
Nov 11, 2024
News Published
03:28 AM
Feb 10, 2025
News Published
02:30 AM
Mar 3, 2025
News Published
03:31 AM
Mar 10, 2025
News Published
01:56 AM
Jul 13, 2025
News Published
11:46 PM
Jul 21, 2025
News Published
12:13 AM
Jul 28, 2025
News Published
12:29 AM
Aug 4, 2025
News Published
12:01 AM
Aug 5, 2025
CVE Published
via MITRE·01:00 PM
Data Sourced
via MITRE·01:00 PM
DescriptionSeverity
Data Sourced
via NVD·01:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Aug 6, 2025
News Published
via BleepingComputer·10:06 AM
News Published
via BleepingComputer·10:07 AM
Aug 10, 2025
News Published
10:39 PM
Aug 18, 2025
Known Exploited
via CISA·12:00 AM
Data Sourced
via CISA·12:00 AM
RemedyDescriptionAffected Software
Sep 8, 2025
News Published
via The Register·11:46 AM
News Published
via The Register·11:49 AM
Feb 26, 2026
News Published
via BleepingComputer·05:58 PM
May 22, 2026
News Published
via BleepingComputer·01:39 PM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-54948?

CVE-2025-54948 is considered a high-severity vulnerability due to its potential for remote code execution.

2

How do I fix CVE-2025-54948?

To fix CVE-2025-54948, update to the latest version of Trend Micro Apex One provided by the vendor.

3

What are the potential impacts of CVE-2025-54948?

CVE-2025-54948 could allow an attacker to upload malicious code and execute commands on affected Trend Micro Apex One installations.

4

Who is affected by CVE-2025-54948?

Organizations using the on-premise version of Trend Micro Apex One management console are affected by CVE-2025-54948.

5

Is CVE-2025-54948 being actively exploited?

At this time, there is no public information indicating that CVE-2025-54948 is being actively exploited in the wild.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203