A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
References
| Link | Resource |
|---|---|
| https://success.trendmicro.com/en-US/solution/KA-0020652 | Patch Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948 |
Configurations
History
21 Oct 2025, 23:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 20:20
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 19:21
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
12 Aug 2025, 14:10
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| CPE | cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:* | |
| References | () https://success.trendmicro.com/en-US/solution/KA-0020652 - Patch, Vendor Advisory | |
| First Time |
Trendmicro
Trendmicro apex One |
05 Aug 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-05 13:15
Updated : 2025-10-21 23:17
NVD link : CVE-2025-54948
Mitre link : CVE-2025-54948
CVE.ORG link : CVE-2025-54948
JSON object : View
Products Affected
trendmicro
- apex_one
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')