
Trend Micro has verified that critical vulnerabilities in Apex One on-premise systems are being actively exploited.

Trend Micro has announced mitigations for critical security vulnerabilities in the on-premise versions of Apex One Management Console, which have reportedly been exploited in the wild. The vulnerabilities, identified as CVE-2025-54948 and CVE-2025-54987, both received a CVSS score of 9.4 and are classified as management console command injection and remote code execution flaws. According to Trend Micro, these vulnerabilities could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. While both vulnerabilities are similar, CVE-2025-54987 specifically targets a different CPU architecture. The Trend Micro Incident Response Team and Jacky Hsieh from CoreCloud Tech are credited with reporting these issues.

Currently, there are no specific details on how these vulnerabilities are being exploited in real-world scenarios, although Trend Micro has noted at least one instance of an active exploit attempt. Mitigations for Trend Micro Apex One as a Service were deployed on July 31, 2025, while a short-term fix tool is available for on-premise versions. A formal patch is anticipated by mid-August 2025. The fix tool disables the Remote Install Agent function for administrators; other installation methods remain unaffected. Trend Micro advises customers to apply patches promptly and review remote access to critical systems to ensure robust security measures are in place.
