Trend Micro recently disclosed a series of critical security vulnerabilities in the on-premises version of its Apex One Management Console. These are two related vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both of which carry a CVSS score of 9.4. A command injection in the management console allows an attacker to upload and execute malicious code on affected systems without prior authentication, while the second variant specifically targets a different CPU architecture.
While details of actual attacks are not yet public, Trend Micro confirms that its Incident Response department has observed at least one active exploitation attempt. The discoverers of the vulnerabilities, Trend Micro's internal IR team and CoreCloud Tech researcher Jacky Hsieh, are being praised by the company for their rapid reporting.
For Apex One as a Service customers, mitigations have been in place as of July 31, 2025. For on-premises installations, Trend Micro offers a temporary fix program that completely blocks known exploits. However, this temporary fix restricts use of the Remote Install Agent feature in the console; alternative agent installation methods (such as via UNC path or agent package) will continue to work as normal. A final patch is expected no later than mid-August 2025.
Trend Micro emphasizes that an attacker does need physical or (authorized) remote access to a vulnerable machine to exploit the vulnerabilities. In addition to quickly applying available mitigations and the upcoming patch, the company advises organizations to thoroughly review their access policies for vital systems and strengthen perimeter security.
Avigdor, a cyber security company in Suriname, recommends that organizations in Suriname that use on-premises Apex One (e.g. government agencies, financial services companies and utilities) immediately implement the fix program and be prepared for the formal patch in August. In addition, it is advisable to investigate whether migration to the SaaS variant of Apex One or to other cloud-based security services can further enhance the continuity of their own security infrastructure. Avigdor, which does advanced penetration testing for companies in Suriname, says that all IT infrastructure needs to be audited more often these days because attacks are increasingly sophisticated and faster, especially now with AI.