Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Trend Micro Patches Apex One Vulnerabilities Exploited in Wild

Posted on By CWS

Development Micro is urging customers of the on-premises model of its Apex One endpoint safety resolution to put in updates that patch two zero-day vulnerabilities.

An advisory printed by the safety agency on Tuesday warns prospects that two important vulnerabilities tracked as CVE-2025-54948 and CVE-2025-54987 have been exploited within the wild in at the very least one occasion.

The safety holes, described as OS command injection points, affect the Apex One administration console and they are often exploited by a distant, unauthenticated attacker to add malicious code and execute instructions on impacted installations.

CVE-2025-54987 is described as “primarily the identical as CVE-2025-54948” however affecting a special CPU structure.

“For this explicit vulnerability, an attacker will need to have entry to the Development Micro Apex One Administration Console, so prospects which have their console’s IP handle uncovered externally ought to take into account mitigating components resembling supply restrictions if not already utilized,” Development Micro informed prospects.

In keeping with advisories printed by ZDI, the vulnerabilities have been reported to Development Micro on August 1 and it appears the corporate rushed to patch them.

No info has been shared on the zero-day assaults exploiting CVE-2025-54948 and/or CVE-2025-54987, however Chinese language cyberspies have been recognized to focus on Development Micro product vulnerabilities. 

Jacky Hsieh of Taiwan-based cybersecurity firm CoreCloud Tech has been credited for reporting the vulnerabilities. Contemplating that Taiwan is commonly a goal of Chinese language APT assaults, this implies that Chinese language risk actors could also be behind the newest Development Micro zero-day exploitation. Commercial. Scroll to proceed studying.

It’s not unusual for risk actors to focus on Development Micro product vulnerabilities of their assaults. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog reveals that ten Development Micro flaws have been exploited within the wild since 2018.

Associated: ESET Vulnerability Exploited for Stealthy Malware Execution

Associated: Important Vulnerabilities Patched in Development Micro Apex Central, Endpoint Encryption

Associated: Development Micro Patches One other Apex One Vulnerability Exploited in Assaults

Security Week News Tags:, , , , , ,

Related Posts

Zania Raises Million for AI-Powered GRC Platform Zania Raises $18 Million for AI-Powered GRC Platform Security Week News
Checkout.com Discloses Data Breach After Extortion Attempt Checkout.com Discloses Data Breach After Extortion Attempt Security Week News
OpenAI Codex Vulnerability Exposes GitHub Tokens OpenAI Codex Vulnerability Exposes GitHub Tokens Security Week News
Cyberattack Foiled at Poland’s Nuclear Research Facility Cyberattack Foiled at Poland’s Nuclear Research Facility Security Week News
Victoria’s Secret Says It Will Postpone Earnings Report After Recent Security Breach Victoria’s Secret Says It Will Postpone Earnings Report After Recent Security Breach Security Week News
Cisco Resolves Critical Flaws in Enterprise Solutions Cisco Resolves Critical Flaws in Enterprise Solutions Security Week News