Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Posted on By CWS

Aug 06, 2025Ravie LakshmananVulnerability / Endpoint Safety
Pattern Micro has launched mitigations to handle vital safety flaws in on-premise variations of Apex One Administration Console that it mentioned have been exploited within the wild.
The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), each rated 9.4 on the CVSS scoring system, have been described as administration console command injection and distant code execution flaws.
“A vulnerability in Pattern Micro Apex One (on-premise) administration console might permit a pre-authenticated distant attacker to add malicious code and execute instructions on affected installations,” the cybersecurity firm mentioned in a Tuesday advisory.
Whereas each shortcomings are basically the identical, CVE-2025-54987 targets a unique CPU structure. The Pattern Micro Incident Response (IR) Group and Jacky Hsieh at CoreCloud Tech have been credited with reporting the 2 flaws.

There are at the moment no particulars on how the problems are being exploited in real-world assaults. Pattern Micro mentioned it “noticed at the least one occasion of an try to actively exploit certainly one of these vulnerabilities within the wild.”
Mitigations for Pattern Micro Apex One as a Service have already been deployed as of July 31, 2025. A brief-term answer for on-premise variations is offered within the type of a repair device. A proper patch for the vulnerabilities is anticipated to be launched in mid-August 2025.
Nonetheless, Pattern Micro identified that whereas the device totally protects towards recognized exploits, it would disable the power for directors to make the most of the Distant Set up Agent operate to deploy brokers from the Pattern Micro Apex One Administration Console. It emphasised that different agent set up strategies, reminiscent of UNC path or agent package deal, are unaffected.
“Exploiting these sort of vulnerabilities typically require that an attacker has entry (bodily or distant) to a susceptible machine,” the corporate mentioned. “Along with well timed utility of patches and up to date options, clients are additionally suggested to evaluate distant entry to vital programs and guarantee insurance policies and perimeter safety is up-to-date.”

The Hacker News Tags:, , , , , , , , ,

Related Posts

Battering RAM Attack Breaks Intel and AMD Cloud Security Protections $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections The Hacker News
A Look Inside Pillar’s AI Security Platform A Look Inside Pillar’s AI Security Platform The Hacker News
MS Teams Hack, MFA Hijacking, B Crypto Heist, Apple Siri Probe & More MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More The Hacker News
Active Exploitation Detected in Gladinet and TrioFox Vulnerability Active Exploitation Detected in Gladinet and TrioFox Vulnerability The Hacker News
A Technical Gap Analysis of Last-Mile Protection A Technical Gap Analysis of Last-Mile Protection The Hacker News
Why Secrets in JavaScript Bundles are Still Being Missed Why Secrets in JavaScript Bundles are Still Being Missed The Hacker News