The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability, CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild.
Trend Micro Apex One is a widely deployed endpoint security platform designed to detect and respond to malicious tools, malware, and other security threats. However, the newly disclosed flaw poses a severe risk to organizations relying on the software for protection.
According to Trend Micro's advisory, the vulnerability is a remote code execution (RCE) bug caused by a command injection weakness in the Apex One Management Console (on-premise). Alarmingly, the flaw can be exploited without authentication, allowing attackers to execute arbitrary commands remotely.
Trend Micro explains:
“While it will fully protect against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console.”
This temporary mitigation underscores the trade-off organizations may face between immediate security and administrative functionality.
Trend Micro has confirmed at least one exploitation attempt:
“Trend Micro has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.”
Such activity highlights the urgent need for patching, as attackers are already probing for unprotected instances. Since the vulnerability affects on-premise deployments, organizations with exposed consoles face the greatest risk.
Given the severity of the flaw, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate the vulnerability by September 8, 2025. This directive ensures timely action across federal networks but also signals the broader urgency for private-sector organizations to act immediately.