Trend Micro Patches Apex One Flaws: Hackers’ Console Injections Foiled!

Trend Micro patched two critical Apex One flaws allowing remote code execution via console injection. These vulnerabilities, actively exploited in the wild, were tracked as CVE-2025-54948 and CVE-2025-54987. While a temporary fix tool is available, it disables the Remote Install Agent feature, with a full patch expected by mid-August.

3P
Published: August 6, 2025 5:00 pmAdded: August 6, 2025 at 10:15 amAssembled by: The Editor
Pro Dashboard

Hot Take:

If cybercriminals were chefs, they’d be drooling over these Apex One RCE vulnerabilities like a perfectly cooked steak. Thankfully, Trend Micro is serving up piping hot patches to keep our digital diners safe from a bad case of malware food poisoning. Bon appétit!

Key Points:

  • Trend Micro patched two critical RCE vulnerabilities in Apex One Management Console.
  • The flaws, CVE-2025-54948 and CVE-2025-54987, have a CVSS score of 9.4.
  • Both vulnerabilities were actively exploited in the wild, prompting swift action.
  • Temporary fixes are available for on-premise users, with a full patch expected soon.
  • Security advisory recommends reviewing remote access and perimeter security policies.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?