CVE-2025-54948

Summary

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Affected Software

VendorProductVersion RangeStatus
Trend Micro, Inc.Trend Micro Apex One2019 (14.0) < 14.0.0.14039affected

Weaknesses

  • CWE-78: CWE-78: OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References