CVE-2025-54948
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-10-31
Assigner: Trend Micro, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_one | 2019 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Trend Micro Apex One (on-premise) management console allows a pre-authenticated remote attacker to upload malicious code and execute arbitrary commands on affected systems. It is a critical command injection remote code execution flaw (CWE-78) that requires no user interaction or privileges and can be exploited remotely, potentially compromising the system. [1]
How can this vulnerability impact me?
The vulnerability can lead to remote code execution by an attacker without authentication, allowing them to run malicious commands on the affected system. This can result in high confidentiality impact, partial integrity loss, and high availability impact, potentially leading to system compromise, data breaches, or service disruption. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with identifying whether the Trend Micro Apex One (on-premise) Management Console is running a vulnerable version (e.g., Apex One 2019 Management Server version 14039 on Windows). Since exploitation requires network access to the Management Console, monitoring the console for unusual or unauthorized file uploads and command executions is critical. Network-level detection includes checking whether the console IP is exposed externally and reviewing remote access logs. Specific commands are not provided in the resources, but administrators should audit access logs and monitor for suspicious activity related to the Apex One Management Console. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the short-term mitigation tool FixTool_Aug2025.exe provided by Trend Micro, which fully protects against known exploits but disables Remote Install Agent functionality from the Management Console. Alternative agent deployment methods like UNC path or agent packages should be used instead. Additionally, customers with externally exposed console IPs should implement source restrictions, review remote access policies, and strengthen perimeter security to prevent unauthorized access. A formal critical patch restoring full functionality is expected around mid-August 2025. [1]