
[Security Vulnerability Alert] CISA has added two known vulnerabilities to the KEV catalog (August 18, 2025 - August 24, 2025)

Type: Administrative Announcement
Publish Date: 2025/08/26 to 2026/02/26

Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202508-00000013)

1. [CVE-2025-54948] Trend Micro Apex One OS Command Injection Vulnerability (CVSS v3.1: 9.4)
[Exploited by Ransomware: Unknown] Trend Micro Apex One on-premises versions contain an operating system command injection vulnerability. An unauthenticated remote attacker can upload malicious code to the management console and remotely execute arbitrary code.
[Affected Platforms] Please refer to the official list of affected versions.
https://success.trendmicro.com/en-US/solution/KA-0020652

2. [CVE-2025-43300] Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
[Exploited by Ransomware: Unknown] An out-of-bounds write vulnerability exists in the Image I/O framework of Apple iOS, iPadOS, and macOS.
[Affected Platforms]
● iPadOS versions prior to (excluding)
● iPadOS versions 18.0 to 18.6.2 (excluding)
● iOS versions prior to (excluding)
● macOS versions 13.0.0 to 13.7.8 (excluding)
● macOS versions 14.0 to 14.7.8 (excluding)
● macOS versions 15.0 to 15.6.1 (excluding)

[Affected Platforms]
For details, see the affected platforms section in the content description.

[Recommended Actions]
1. [CVE-2025-54948] A fix has been released for this vulnerability. Please update to the relevant version.
https://success.trendmicro.com/en-US/solution/KA-0020652

2. [CVE-2025-43300] A fix has been released for this vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/124925
https://support.apple.com/en-us/124926
https://support.apple.com/en-us/124927
https://support.apple.com/en-us/124928
https://support.apple.com/en-us/124929
