Severity
High
Analysis Summary
CVE-2025-54948 CVSS:9.4
Trend Micro Apex One could allow a remote attacker to execute arbitrary commands on the system, caused by a vulnerability in the management console. An attacker could exploit this vulnerability to upload malicious code and execute commands on affected installations.
CVE-2025-54987 CVSS:9.4
Trend Micro Apex One could allow a remote attacker to execute arbitrary commands on the system, caused by a vulnerability in the management console. An attacker could exploit this vulnerability to upload malicious code and execute commands on affected installations.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-54948
CVE-2025-54987
Affected Vendors
- Trend Micro
Affected Products
- Trend Micro Apex One 2019 (14.0)
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.