Trend Micro releases mitigation tool for unpatched, exploited Apex One flaw

On August 6, 2025, Trend Micro issued a security advisory on an unpatched vulnerability in its Trend Micro Apex One™ management console, noting that it is being abused by threat actors.

The flaw, tracked under two separate identifiers depending on the CPU architecture—CVE-2025-54948 and CVE-2025-54987—is due to a command injection issue in the Trend Micro Apex One on-premise (2019) management console.

It could enable execution of malicious code remotely on systems running unpatched software. The issue, rated as Critical severity, has been assigned a Common Vulnerability Scoring System (CVSS) base score of 9.4 out of 10.

The security updates for Apex One on-premise (2019) are to be issued in mid-August 2025, but Trend Micro released a mitigation tool that provides short-term mitigation against exploitation attempts.

Trend Micro Apex One as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection received patches for this vulnerability in the July 2025 updates.

Stay on top of emerging threats like this.

Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities. 

Sign up

Analyst insight

If you are running any of the vulnerable versions, we recommend following the remediation guidance in the Solution section of the advisory, and applying the short-term mitigation (Fixtool) provided by Trend Micro.

Customers who have their console’s IP address exposed externally are recommended to consider other mitigating factors such as source restrictions, if not already applied.

Note that while the tool will fully protect against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One management console. Other agent installation methods such as UNC path or agent package are unaffected.