【Vulnerability Alert】 Two critical security vulnerabilities exist in Trend Micro Apex One management console

publish date : 2025-08-18 update date : 2025-08-18

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2025080604083838	Publication Time	2025/08/06 16:18
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/08/06 16:18
Impact Level	Low
[Subject] 【Vulnerability Alert】 Two critical security vulnerabilities exist in Trend Micro Apex One management console
[Content] Forwarded from TWCERTCC-200-202508-00000002 Apex One is an integrated endpoint security solution under Trend Micro, providing centralized management functions that can effectively protect enterprise endpoints from various cybersecurity threats. Recently, Trend Micro released two critical security vulnerabilities (CVE-2025-54948, CVSS: 9.4 and CVE-2025-54987, CVSS: 9.4). Both are operating system command injection vulnerabilities that allow pre-authorized remote attackers to upload malicious code and execute commands. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Apex One (on-prem) 2019 version 14.0.0.14039 and earlier versions
[Recommended Actions] Please perform patching according to the solution released on the official website: https://success.trendmicro.com/en-US/solution/KA-0020652
[Reference] https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share