Overview

• Two unauthenticated command injection flaws, CVE-2025-54948 and CVE-2025-54987, rated 9.4, enable remote attackers to upload malicious code on on-premise Apex One management consoles.
• Trend Micro confirmed at least one observed attempt to exploit these weaknesses in the wild, prompting an urgent security advisory.
• The mitigation tool fully protects against known exploits by disabling the Remote Install Agent feature, though UNC path and agent package deployment remain unaffected.
• A comprehensive patch is scheduled for mid-August to address the root vulnerabilities and restore full console functionality.
• Administrators are advised to apply the temporary fix immediately, restrict console IP exposure and tighten remote access policies to reduce risk.