Critical command injection remote code execution (RCE) vulnerabilities in the Trend Micro Apex One Management Console are currently being actively exploited by threat actors.
The company confirmed observing at least one instance of attempted exploitation in production environments, prompting the immediate release of emergency mitigation tools.
Key Takeaways
1. Two RCE vulnerabilities actively exploited in Trend Micro Apex One Management Console.
2. Trend Micro released FixTool_Aug2025.exe for immediate protection.
3. Apply the emergency fix now for Apex One Management Server Version 14039 and below.
Command Injection RCE Vulnerabilities
Two critical vulnerabilities have been identified in Trend Micro Apex One (on-premise) systems, designated as CVE-2025-54948 and CVE-2025-54987.
Both vulnerabilities carry a CVSS 3.1 score of 9.4, indicating critical severity. These command injection flaws, classified under CWE-78: OS Command Injection, allow pre-authenticated remote attackers to upload malicious code and execute arbitrary commands on affected installations.
The vulnerabilities specifically affect Trend Micro Apex One Management Server Version 14039 and below on Windows platforms.
CVE-2025-54987 represents essentially the same vulnerability as CVE-2025-54948 but targets different CPU architectures, expanding the potential attack surface.
Security researchers from Trend Micro's Incident Response Team and Jacky Hsieh from CoreCloud Tech, working with the Trend Zero Day Initiative, are credited with responsibly disclosing these critical security flaws.
The attack vector requires attackers to have access to the Trend Micro Apex One Management Console, making organizations with externally exposed console IP addresses particularly vulnerable.
However, the pre-authenticated nature of these exploits means that once attackers gain initial access, they can escalate privileges and execute system-level commands without additional authentication barriers.

| CVE ID | Title | CVSS 3.1 Score | Severity |
|---|---|---|---|
| CVE-2025-54948, CVE-2025-54987 | Management Console Command Injection RCE Vulnerability | 9.4 | CRITICAL |
Mitigations
Trend Micro has released an emergency fix tool designated FixTool_Aug2025.exe with SHA-256 hash c945a885a31679a913802a2aefde52b672bb2c8ac98bbed52b723e6733c0eadc to provide immediate protection against known exploits.
This short-term mitigation fully protects against current attack methods but temporarily disables the Remote Install Agent function for deploying agents from the Management Console.
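As an added example (not Trend Micro's code and not part of the original article), this PowerShell function checks a downloaded FixTool_Aug2025.exe against the SHA-256 value quoted above before it is run. The download path is an assumption, and because the article does not say whether the tool is Authenticode-signed, the signature status is reported as a secondary signal only.

```powershell
# Added example: verify the emergency fix tool before executing it.
# The expected value is the SHA-256 hash quoted in the article.
$ExpectedSha256 = 'c945a885a31679a913802a2aefde52b672bb2c8ac98bbed52b723e6733c0eadc'

function Test-FixToolIntegrity {
    [CmdletBinding()]
    param(
        # Where the tool was saved (assumption; adjust to your download location).
        [Parameter(Mandatory)][string]$Path,
        [string]$Expected = $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Get-FileHash returns upper-case hex; -eq on strings is case-insensitive.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actual -eq $Expected.Trim()

    # Authenticode status is informational here: the article does not state
    # whether the tool is signed, so it is not treated as a pass/fail gate.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path        = (Resolve-Path -LiteralPath $Path).Path
        ActualHash  = $actual.ToLower()
        HashMatches = $hashOk
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Assumed download path for illustration.
$result = Test-FixToolIntegrity -Path "$env:USERPROFILE\Downloads\FixTool_Aug2025.exe"
$result | Format-List

if (-not $result.HashMatches) {
    Write-Error 'SHA-256 mismatch: do not run this file. Download it again from the vendor.'
} elseif ($result.SigStatus -ne 'Valid') {
    Write-Warning "Hash matches, but Authenticode status is $($result.SigStatus). Review the signer before running."
}
```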
Organizations using Trend Micro Apex One as a Service and Trend Vision One Endpoint Security received automatic protection through backend mitigations deployed on July 31, 2025, requiring no service downtime.
A comprehensive Critical Patch is expected for release in mid-August 2025, which will restore full Remote Install Agent functionality while maintaining security protections.
Security experts strongly recommend immediate application of the emergency fix tool, particularly for organizations with internet-facing management consoles, and implementing additional network segmentation and access controls as defense-in-depth measures.