Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

The Hacker News by The Hacker News
August 6, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Aug 06, 2025Ravie LakshmananVulnerability / Endpoint Security

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.

The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.

“A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations,” the cybersecurity company said in a Tuesday advisory.

While both shortcomings are essentially the same, CVE-2025-54987 targets a different CPU architecture. The Trend Micro Incident Response (IR) Team and Jacky Hsieh at CoreCloud Tech have been credited with reporting the two flaws.

Cybersecurity

There are currently no details on how the issues are being exploited in real-world attacks. Trend Micro said it “observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.”

Mitigations for Trend Micro Apex One as a Service have already been deployed as of July 31, 2025. A short-term solution for on-premise versions is available in the form of a fix tool. A formal patch for the vulnerabilities is expected to be released in mid-August 2025.

However, Trend Micro pointed out that while the tool fully protects against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. It emphasized that other agent install methods, such as UNC path or agent package, are unaffected.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” the company said. “In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Assured Space Access Technologies Inc. Announces Opening of Phased Array Center of Excellence in Melbourne, Florida

Assured Space Access Technologies Inc. Announces Opening of Phased Array Center of Excellence in Melbourne, Florida

Recommended.

Stocks making the biggest moves after hours: LendingClub, Nucor, Rambus, Bed Bath & Beyond and more

Stocks making the biggest moves after hours: LendingClub, Nucor, Rambus, Bed Bath & Beyond and more

April 27, 2026
Change Healthcare Breach Impacted Data Of 190 Million People: UnitedHealth

Change Healthcare Breach Impacted Data Of 190 Million People: UnitedHealth

January 27, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio