Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-54948
CVE-2025-54948:
Trend Micro Apex One Agent vulnerability analysis and mitigation
Overview
CVE-2025-54948 is a critical command injection vulnerability affecting the Trend Micro Apex One (on-premise) management console. The vulnerability was discovered on August 1, 2025, and publicly disclosed on August 5, 2025. It affects Trend Micro Apex One version 2019 Management Server Version 14039 and below running on Windows systems. The vulnerability received a CVSS v3.1 base score of 9.8 (Critical) from NVD and 9.4 from Trend Micro (NVD, ZDI Advisory).
Technical details
The vulnerability exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The specific flaw stems from the lack of proper validation of a user-supplied string before using it to execute a system call. The issue is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command Injection). An attacker can leverage this vulnerability to execute code in the context of IUSR without requiring authentication (ZDI Advisory).
Impact
The vulnerability allows pre-authenticated remote attackers to upload malicious code and execute commands on affected installations. Successful exploitation could lead to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected system (NVD, Trend Micro Advisory).
Mitigation and workarounds
Trend Micro released a temporary fix tool (FixTool_Aug2025) on August 6, 2025, followed by a permanent patch (SP1 CP B14081) on August 15, 2025. The temporary fix disables the Remote Install Agent function but provides protection against known exploits. Organizations are advised to implement source restrictions if their console's IP address is exposed externally. Other agent install methods such as UNC path or agent package remain unaffected (Trend Micro Advisory).
Community reactions
The vulnerability gained significant attention due to its critical nature and active exploitation. On August 18, 2025, CISA added CVE-2025-54948 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply mitigations (Help Net Security).
Additional resources
Source: This report was generated using AI
Related Trend Micro Apex One Agent vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management