Trend Micro Apex One (CVE-2025-54948)
Release Date: 18th of August 2025
Impact : HIGH / CRITICAL
TLP Rating: Clear 
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to Organizations who utilize the above products. This alert is intended to be understood by technical users and systems administrators.
What is it?
CVE-2025-54948 is a critical remote code execution (RCE) vulnerability in the on-premise Trend Micro Apex One Management Console, allowing pre-authenticated remote attackers to update malicious code and execute system commands. It stems from an OS command injection (CW-78_ flaw due to insufficient input validation in the console’s backend.
What are the Systems affected?
Affected Versions;
- Trend Micro Apex One (on-premise) Management Console – specifically Version 2019 (14.0), including Management Server Version 14039 and earlier.
- Trend Micro Apex One as a service (Cloud/SaaS) and Trend Vision One Endpoint Security (Standard Endpoint Protection) were impacted initially but were remediated automatically requiring no customer action
What this means?
The vulnerability could allow a remote attacker to upload malicious code and execute commands on affected installations.
Mitigation process
Critical Patch (SP1 CP B14081) is released – this is the permanent solution and restores the Remote Install Agent functionality.
Restrict access to the Apex One Console – especially if it’s IP is exposed externally. Use network-level restriction or firewall rules to limit interfaces that reach the console.
References
- https://www.cve.org/CVERecord?id=CVE-2025-54948
- https://success.trendmicro.com/en-US/solution/KA-0020652
- Download advisory (English): Trend Micro Apex One (CVE-2025-54948)
- Download advisory (Bislama): Trend Micro Apex One
- Download advisory (French): Trend Micro Apex One