[CIVN-2025-0167] Multiple Vulnerabilities in Trend Micro Apex One
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Trend Micro Apex One (on-prem)
Management Server Version 14039 and below
Overview
Multiple vulnerabilities have been reported in the Trend Micro Apex One (on-prem) management console that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on the targeted system.
Target Audience:
IT Security Teams, System Administrators, CISOs / Security Leadership, Network Administrators, Incident Response Teams, Managed Service Providers (MSPs).
Risk Assessment:
Critical risk to the confidentiality, integrity, and availability of the systems.
Impact Assessment:
Unauthorized access to sensitive information, compromise of integrity and confidentiality, and data breach risk.
Description
Trend Micro Apex One™ (On-Premise) is an advanced endpoint protection solution designed to safeguard enterprise environments from a wide range of threats – including malware, ransomware, spyware, and zero-day exploits.
1. Remote Code Execution Vulnerabilities (CVE-2025-54948, CVE-2025-54987)
Multiple vulnerabilities exist in the Trend Micro Apex One (on-premise) management console due to improper sanitization of user inputs. A remote attacker could exploit them to execute arbitrary commands on the affected system.
Successful exploitation of these vulnerabilities could allow an attacker to upload malicious code and execute commands on the targeted system.
Solution
Apply the appropriate updates as mentioned at:
https://securityadvisories.paloaltonetworks.com/
Vendor Information
Trend Micro
https://securityadvisories.paloaltonetworks.com/
References
Trend Micro
https://securityadvisories.paloaltonetworks.com/
CVE Name
CVE-2025-54948
CVE-2025-54987
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003