Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Posted on By CWS

Development Micro is urging customers of the on-premises model of its Apex One endpoint safety resolution to put in updates that patch two zero-day vulnerabilities.

An advisory printed by the safety agency on Tuesday warns prospects that two important vulnerabilities tracked as CVE-2025-54948 and CVE-2025-54987 have been exploited within the wild in at the very least one occasion.

The safety holes, described as OS command injection points, affect the Apex One administration console and they are often exploited by a distant, unauthenticated attacker to add malicious code and execute instructions on impacted installations.

CVE-2025-54987 is described as “primarily the identical as CVE-2025-54948” however affecting a special CPU structure.

“For this explicit vulnerability, an attacker will need to have entry to the Development Micro Apex One Administration Console, so prospects which have their console’s IP handle uncovered externally ought to take into account mitigating components resembling supply restrictions if not already utilized,” Development Micro informed prospects.

In keeping with advisories printed by ZDI, the vulnerabilities have been reported to Development Micro on August 1 and it appears the corporate rushed to patch them.

No info has been shared on the zero-day assaults exploiting CVE-2025-54948 and/or CVE-2025-54987, however Chinese language cyberspies have been recognized to focus on Development Micro product vulnerabilities. 

Jacky Hsieh of Taiwan-based cybersecurity firm CoreCloud Tech has been credited for reporting the vulnerabilities. Contemplating that Taiwan is commonly a goal of Chinese language APT assaults, this implies that Chinese language risk actors could also be behind the newest Development Micro zero-day exploitation. Commercial. Scroll to proceed studying.

It’s not unusual for risk actors to focus on Development Micro product vulnerabilities of their assaults. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog reveals that ten Development Micro flaws have been exploited within the wild since 2018.

Associated: ESET Vulnerability Exploited for Stealthy Malware Execution

Associated: Important Vulnerabilities Patched in Development Micro Apex Central, Endpoint Encryption

Associated: Development Micro Patches One other Apex One Vulnerability Exploited in Assaults

Security Week News Tags:, , , , , ,

Related Posts

Virtual Event Preview: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud Virtual Event Preview: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud Security Week News
Hackers Earn Over 0,000 on First Day of Pwn2Own Ireland 2025 Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 Security Week News
Law Firms Warned of Silent Ransom Group Attacks Law Firms Warned of Silent Ransom Group Attacks Security Week News
Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC Security Week News
Cisco Patches Zero-Day Flaw Affecting Routers and Switches Cisco Patches Zero-Day Flaw Affecting Routers and Switches Security Week News
Steelmaker Nucor Says Hackers Stole Data in Recent Attack Steelmaker Nucor Says Hackers Stole Data in Recent Attack Security Week News