CVE-2025-54987

Summary

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.

Affected Software

VendorProductVersion RangeStatus
Trend Micro, Inc.Trend Micro Apex One2019 (14.0) < 14.0.0.14039affected

Weaknesses

  • CWE-78: CWE-78: OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References