CISA has issued an important warning concerning a high-severity OS command injection vulnerability in Trend Micro Apex One Administration Console that threat actors are actively exploiting in the wild.
The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant risks to organizations running on-premise installations of the enterprise security platform.
Key Takeaways
1. CISA confirms CVE-2025-54948 attacks on Trend Micro Apex One.
2. Remote attackers execute OS commands without authentication on on-premise systems.
3. Patch immediately or discontinue use if unavailable.
OS Command Injection Flaw (CVE-2025-54948)
The CVE-2025-54948 vulnerability affects Trend Micro Apex One Administration Console on-premise deployments, creating a dangerous attack vector for pre-authenticated remote attackers.
This OS command injection flaw allows malicious actors to add arbitrary code and execute system commands on compromised installations, potentially leading to complete system compromise.
The vulnerability stems from insufficient input validation within the administration console interface, allowing attackers to inject malicious OS commands through specially crafted requests.
Once exploited, the flaw grants attackers the ability to execute arbitrary commands with the privileges of the application, effectively bypassing security controls and gaining unauthorized access to sensitive systems.
Security researchers have classified this vulnerability under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating inadequate sanitization of user-supplied input before passing it to system command execution functions.
The pre-authenticated nature of the exploit makes it particularly concerning, as attackers don't require valid credentials to leverage the vulnerability.
Risk Factors | Details
Affected Products | Trend Micro Apex One Administration Console (on-premise installations)
Impact | Remote code execution, arbitrary command execution
Exploit Prerequisites | Pre-authenticated remote access
CVSS 3.1 Score | 9.8 (Critical)
Mitigations
CISA added CVE-2025-54948 to its Known Exploited Vulnerabilities Catalog on August 18, 2025, with a mandatory remediation deadline of September 8, 2025, for federal agencies.
The agency strongly recommends that organizations apply vendor-provided mitigations immediately or discontinue use of affected products if patches are unavailable.
While it remains unknown whether this vulnerability has been incorporated into ransomware campaigns, the active exploitation status indicates sophisticated threat actors are already weaponizing this flaw.
Organizations should prioritize patching efforts and implement additional network segmentation controls around Apex One deployments as interim protective measures.
Trend Micro has released security advisories and remediation guidance through its technical support channels.
System administrators should immediately review their Apex One Administration Console deployments, apply available security updates, and monitor for suspicious authentication attempts or unusual system command execution patterns.
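As an added example (not from the original article, CISA, or Trend Micro), here is one way to turn the catalog listing described above into a patch-priority check against an asset inventory. The feed record is constructed in the shape of CISA's KEV JSON feed using the dates from this article; the inventory, its field names, and the hostnames are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed; values come from this article.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-54948", "vendorProject": "Trend Micro", "product": "Apex One",
   "dateAdded": "2025-08-18", "dueDate": "2025-09-08",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-78"]}
]}
""")

# Constructed asset inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "av-mgmt-01.example.internal", "vendor": "Trend Micro",
     "product": "Apex One", "deployment": "on-premise", "patched": False},
    {"host": "av-mgmt-02.example.internal", "vendor": "Trend Micro",
     "product": "Apex One", "deployment": "on-premise", "patched": True},
    {"host": "av-saas-tenant", "vendor": "Trend Micro",
     "product": "Apex One", "deployment": "saas", "patched": False},
]

def kev_exposure(inventory, kev, today):
    """Return unpatched on-premise assets matching a KEV entry, most urgent first."""
    findings = []
    for vuln in kev["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            same_product = (asset["vendor"].lower() == vuln["vendorProject"].lower()
                            and asset["product"].lower() == vuln["product"].lower())
            # Assumption: only on-premise installs are in scope, as this article states.
            if not same_product or asset["deployment"] != "on-premise" or asset["patched"]:
                continue
            findings.append({
                "host": asset["host"],
                "cve": vuln["cveID"],
                "days_left": (due - today).days,  # negative once the deadline has passed
                "overdue": today > due,
                "ransomware_use": vuln["knownRansomwareCampaignUse"],
            })
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for finding in kev_exposure(INVENTORY, KEV_SAMPLE, date(2025, 8, 20)):
        print(finding)
```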