Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202508-00000002)
[Description]
Apex One is an integrated endpoint security solution from Trend Micro that provides centralized management capabilities and effectively protects enterprise endpoints from various cybersecurity threats. Trend Micro recently released two critical security vulnerabilities (CVE-2025-54948, CVSS: 9.4 and CVE-2025-54987, CVSS: 9.4). Both are operating system command injection vulnerabilities that allow pre-authenticated remote attackers to upload malicious code and execute commands.
[Affected Platforms]
Apex One (on-prem) 2019 versions 14.0.0.14039 and earlier
[Recommended Action]
Patch according to the solution released on the official website:
https://success.trendmicro.com/en-US/solution/KA-0020652
[References]
https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html
[Security Vulnerability Warning] Trend Micro's Apex One management console has two major security vulnerabilities
Type:行政公告
Pubish Date:2025/08/07 至 2026/02/07
Visitors:104
返回列表
