CVE-2025-54948

CRITICAL KEV

Trendmicro Apex One - OS Command Injection

Title source: rule

Description

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

References (2)

[Patch, Vendor Advisory] https://success.trendmicro.com/en-US/solution/KA-0020652

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948

Scores

CVSS v3 9.4

EPSS 0.0986

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Details

CISA KEV 2025-08-18

VulnCheck KEV 2025-08-06

ENISA EUVD EUVD-2025-23621

CWE

CWE-78

Status published

Products (1)

trendmicro/apex_one 2019

Published Aug 05, 2025

KEV Added Aug 18, 2025

Tracked Since Feb 18, 2026