⚠ Actively exploited
Added to CISA KEV on 2025-08-18. Federal agencies required to patch by 2025-09-08. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-54948OS Command Injection in Micro INC Trend Micro Apex ONE

CWE-78OS Command Injection7 documents7 sources
Severity
9.8CRITICALNVD
CNA9.4VulnCheck9.4
EPSS
6.9%
top 8.56%
CISA KEV
KEV
Added 2025-08-18
Due 2025-09-08
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedAug 5
KEV addedAug 18
KEV dueSep 8
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5trend_micro_inc/trend_micro_apex_one2019 (14.0)14.0.0.14039

Patches

Patch: success.trendmicro.com

🔴Vulnerability Details

3
CVEList
CVE-2025-54948: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and e2025-08-05
GHSA
GHSA-9r9v-427h-5388: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and e2025-08-05
VulnCheck
Trend Micro Apex One OS Command Injection Vulnerability2025

📋Vendor Advisories

1
CISA
Trend Micro Apex One OS Command Injection Vulnerability2025-08-18

🕵️Threat Intelligence

1
Bleepingcomputer
Trend Micro warns of Apex One zero-day exploited in attacks2025-08-06
CVE-2025-54948 — OS Command Injection | cvebase