
Trend Micro Addresses Critical RCE Vulnerabilities in Apex One with Active Exploitation in the Wild
Trend Micro has recently addressed two critical vulnerabilities in its Apex One endpoint security solution, identified as CVE-2025-54948 and CVE-2025-54987, both with a CVSS score of 9.4. These vulnerabilities allow for remote code execution (RCE) via console injection and have been actively exploited in the wild. The affected components are the on-premises consoles of Apex One, which are used by organizations to manage their endpoint security.
The high CVSS score indicates that these vulnerabilities are severe and pose significant risks to affected systems. Remote code execution vulnerabilities are particularly dangerous as they can allow attackers to gain full control over the compromised systems. In the context of an endpoint security solution, this could lead to the disabling of security measures, installation of malware, or exfiltration of sensitive data.
Because these vulnerabilities are being actively exploited in the wild, organizations should apply the patches provided by Trend Micro immediately to mitigate the risk of exploitation. Organizations should also monitor their networks for any signs of exploitation and ensure that their defense-in-depth strategies are robust enough to handle such threats.
This incident highlights the importance of timely patching and the risks associated with on-premises solutions. While on-premises solutions offer more control, they also require more diligent maintenance and patching to ensure security. The incident also serves as a reminder of the critical role that endpoint security solutions play in the overall cybersecurity landscape and of the need for continuous vigilance and proactive measures to safeguard against emerging threats.