- Trend Micro is warning customers about a critical-severity flaw in its endpoint protection solution
- It has released a mitigation while it works on a patch
- Users are advised to apply the mitigation as soon as possible
Trend Micro is warning customers of an ongoing attack that abuses a critical-severity vulnerability in one of its products.
The company said that it recently discovered a command injection vulnerability in the on-premises version of the Apex One Management Console, an advanced endpoint security solution designed to protect business networks from a wide range of threats.
The vulnerability is tracked as CVE-2025-54948 or CVE-2025-54987, depending on the CPU architecture, and was assigned a severity score of 9.4/10 (critical). It allows threat actors to execute arbitrary code remotely, including malware.
Working on a patch
Trend Micro said that it aims to release a patch in mid-August 2025, which should also restore the remote agent installation function that the mitigation disables.
“For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers who have the IP address of their externally exposed console should consider attenuating factors, such as source restrictions, if they do not apply,” said the company.
“However, despite the fact that an exploit may require several specific conditions to be met, Trend Micro encourages customers to update to the latest compilations as soon as possible.”
So far, the company has seen at least one attack in the wild, although it did not detail where, against whom, whether it was successful, or who the threat actors are.
Since Apex One is mainly used in business environments, and the flaw allows remote code execution, it is safe to assume that criminals are using it to drop infostealers and ransomware encryptors, while stealing sensitive files for extortion.
With the flaws now being abused in the wild, Trend Micro released a mitigation to help protect its customers while it works on a patch. The mitigation, according to Japan's CERT, will prevent administrators from using the Remote Install Agent function to deploy agents from the console.
Via BleepingComputer