Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Posted on By CWS

Development Micro is urging customers of the on-premises model of its Apex One endpoint safety resolution to put in updates that patch two zero-day vulnerabilities.

An advisory printed by the safety agency on Tuesday warns prospects that two important vulnerabilities tracked as CVE-2025-54948 and CVE-2025-54987 have been exploited within the wild in at the very least one occasion.

The safety holes, described as OS command injection points, affect the Apex One administration console and they are often exploited by a distant, unauthenticated attacker to add malicious code and execute instructions on impacted installations.

CVE-2025-54987 is described as “primarily the identical as CVE-2025-54948” however affecting a special CPU structure.

“For this explicit vulnerability, an attacker will need to have entry to the Development Micro Apex One Administration Console, so prospects which have their console’s IP handle uncovered externally ought to take into account mitigating components resembling supply restrictions if not already utilized,” Development Micro informed prospects.

In keeping with advisories printed by ZDI, the vulnerabilities have been reported to Development Micro on August 1 and it appears the corporate rushed to patch them.

No info has been shared on the zero-day assaults exploiting CVE-2025-54948 and/or CVE-2025-54987, however Chinese language cyberspies have been recognized to focus on Development Micro product vulnerabilities. 

Jacky Hsieh of Taiwan-based cybersecurity firm CoreCloud Tech has been credited for reporting the vulnerabilities. Contemplating that Taiwan is commonly a goal of Chinese language APT assaults, this implies that Chinese language risk actors could also be behind the newest Development Micro zero-day exploitation. Commercial. Scroll to proceed studying.

It’s not unusual for risk actors to focus on Development Micro product vulnerabilities of their assaults. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog reveals that ten Development Micro flaws have been exploited within the wild since 2018.

Associated: ESET Vulnerability Exploited for Stealthy Malware Execution

Associated: Important Vulnerabilities Patched in Development Micro Apex Central, Endpoint Encryption

Associated: Development Micro Patches One other Apex One Vulnerability Exploited in Assaults

Security Week News Tags:, , , , , ,

Related Posts

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches Security Week News
Root Evidence Launches With .5 Million in Seed Funding Root Evidence Launches With $12.5 Million in Seed Funding Security Week News
CISA Warns of CWP Vulnerability Exploited in the Wild CISA Warns of CWP Vulnerability Exploited in the Wild Security Week News
Global Effort Shuts Down Tycoon 2FA Phishing Network Global Effort Shuts Down Tycoon 2FA Phishing Network Security Week News
Urgent Patch Needed for Critical Citrix NetScaler Vulnerability Urgent Patch Needed for Critical Citrix NetScaler Vulnerability Security Week News
Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’ Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’ Security Week News