CISA Adds Trend Micro Apex One Vulnerability to Known Exploited Vulnerabilities Catalog

302/68 Thursday, August 21, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Trend Micro Apex One, identified as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) Catalog after confirming that it has been actively exploited. The flaw is a command injection vulnerability leading to Remote Code Execution (RCE): it allows unauthenticated attackers to upload malicious code and execute commands on the Apex One Management Console.

In August 2025, Trend Micro released patches for two vulnerabilities, CVE-2025-54948 and CVE-2025-54987 (rated CVSS 9.4). Both were reported by Jacky Hsieh of CoreCloud Tech through the Trend Zero Day Initiative, and there is confirmed evidence of active exploitation on unpatched Apex One systems.

To address the threat, Trend Micro has provided a Mitigation Tool for on-premises Apex One users that disables the Remote Install Agent feature to block potential attacks. Apex One as a Service users received an automatic update on July 31, 2025.

Under Binding Operational Directive (BOD) 22-01, CISA requires U.S. federal agencies to patch this vulnerability no later than September 8, 2025. The agency also strongly advises private sector organizations to urgently inspect and update their systems to defend against potential exploitation.

Source: https://securityaffairs.com/181283/hacking/u-s-cisa-adds-trend-micro-apex-one-flaw-to-its-known-exploited-vulnerabilities-catalog.html