
The cybersecurity firm confirmed that at least one instance of active exploitation has been observed in the wild, prompting immediate action from organizations using the affected software.
Critical Vulnerabilities Enable Remote Code Execution
The security flaws, tracked as CVE-2025-54948 and CVE-2025-54987, both carry a critical CVSS 3.1 score of 9.4 and are OS command injection weaknesses (CWE-78).
These vulnerabilities allow pre-authenticated remote attackers to upload malicious code and execute arbitrary commands on affected Trend Micro Apex One installations.
The vulnerabilities target different CPU architectures but essentially represent the same underlying security flaw in the management console’s code handling.
Affected systems include Trend Micro Apex One 2019 with Management Server Version 14039 and below running on Windows platforms.
The attack vector requires network access with low complexity and no user interaction, making these vulnerabilities particularly dangerous for organizations with externally exposed management consoles.
Security researchers from Trend Micro’s Incident Response team and Jacky Hsieh from CoreCloud Tech, working with the Trend Zero Day Initiative, were credited with the responsible disclosure of these issues.
Immediate Mitigation Measures Deployed
In response to the active exploitation, Trend Micro released a mitigation tool called FixTool_Aug2025.exe on August 5, 2025.

The fix tool has the SHA-256 hash c945a885a31679a913802a2aefde52b672bb2c8ac98bbed52b723e6733c0eadc and provides immediate protection against known exploits.
However, the short-term mitigation disables the Remote Install Agent function, preventing administrators from deploying agents directly from the management console while preserving other installation methods such as UNC path or agent package deployments.
For cloud-based services, Trend Micro Apex One as a Service and Trend Vision One Endpoint Security already received backend mitigations during out-of-band maintenance on July 31, 2025, without service downtime.
A comprehensive critical patch restoring full functionality is expected by mid-August 2025.
Organizations are strongly advised to apply the mitigation tool immediately and review external access policies for their management consoles to minimize exposure.
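Before running the mitigation tool on a management server, administrators can confirm that the downloaded file matches the SHA-256 hash quoted above. The following PowerShell script is an added example, not code from Trend Micro or the original article; the download path and the function name `Test-FixToolIntegrity` are assumptions.

```powershell
# Added example: verify FixTool_Aug2025.exe against the published SHA-256
# before executing it. Not vendor code.
param(
    # Assumption: where the tool was saved; adjust as needed.
    [string]$Path = "$env:USERPROFILE\Downloads\FixTool_Aug2025.exe"
)

# SHA-256 value for the fix tool as stated in the article.
$ExpectedSha256 = 'c945a885a31679a913802a2aefde52b672bb2c8ac98bbed52b723e6733c0eadc'

# Hypothetical helper: returns the hash comparison and signature details.
function Test-FixToolIntegrity {
    param([string]$LiteralPath, [string]$Expected)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }

    $actual = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $LiteralPath

    # Signer subject is reported for manual review; it is empty if unsigned.
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $LiteralPath
        Sha256          = $actual.ToLowerInvariant()
        HashMatches     = ($actual -ieq $Expected)   # case-insensitive hex compare
        SignatureStatus = $sig.Status
        Signer          = $signer
    }
}

$result = Test-FixToolIntegrity -LiteralPath $Path -Expected $ExpectedSha256
$result | Format-List

# The hash is the gate: a mismatch means the file is not the published tool.
if (-not $result.HashMatches) {
    Write-Error "SHA-256 mismatch: do not run this file."
    exit 1
}

# The signature is a secondary check; review the reported signer by hand.
if ($result.SignatureStatus -ne 'Valid') {
    Write-Warning "Authenticode status is '$($result.SignatureStatus)'; review the signer before running."
}
Write-Output "SHA-256 matches the published value."
```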
The post Critical RCE Vulnerability in Trend Micro Apex One Actively Exploited in the Wild appeared first on Cyber Security News.
