- Trend Micro warns its customers of a critical-severity flaw in its endpoint protection solution
- It has published a mitigation while it works on a patch
- Users are advised to apply the mitigation as soon as possible
Trend Micro is warning customers of an ongoing attack that abuses a critical-severity vulnerability in one of its products.
The company said it recently discovered a command injection vulnerability in the on-premises version of the Apex One management console, an advanced endpoint security solution designed to protect business networks from a wide range of threats.
The vulnerability is tracked as CVE-2025-54948 or CVE-2025-54987, depending on the CPU architecture, and received a severity score of 9.4/10 (critical). It allows threat actors to execute arbitrary code remotely, including malware.
Work on a patch
Trend Micro said it aims to release a patch in mid-August 2025, which should also restore the remote install agent function that the mitigation disables.
“For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if they are not already applied,” said the company.
“However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest versions as soon as possible.”
So far, the company has seen at least one attack take place in the wild, although it has not detailed where, against whom, whether it was successful, or who the threat actors are.
Given that Apex One is mainly used in corporate environments and that the bug allows remote code execution, it is safe to assume that the miscreants use it to drop infostealers and ransomware, while stealing sensitive files for extortion.
With the flaws now being abused in the wild, Trend Micro has published a mitigation to help defend its customers while it works on a patch. The mitigation, according to the Japanese CERT, disables administrators' ability to use the remote install agent function to deploy agents from the console.
Via BleepingComputer