SB2025080616 - Remote code execution in Trend Micro Apex One Management Console

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) OS Command Injection (CVE-ID: CVE-2025-54948)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in management console. A remote unauthenticated attacker can upload malicious code and execute arbitrary commands on the affected system.

Note, the vulnerability is being actively exploited in the wild.

2) OS Command Injection (CVE-ID: CVE-2025-54987)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in management console. A remote unauthenticated attacker can upload malicious code and execute arbitrary commands on the affected system.

Note, this vulnerability is identical to #VU113667 (CVE-2025-54948) but targets a different CPU architecture.

Remediation

Install update from vendor's website.

References

• https://success.trendmicro.com/en-US/solution/KA-0020652
• https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=5564
• https://www.zerodayinitiative.com/advisories/ZDI-25-771/
• https://www.zerodayinitiative.com/advisories/ZDI-25-772/