A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 18 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-08-18T00:00:00+00:00', 'dueDate': '2025-09-08T00:00:00+00:00'}


Tue, 12 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Trendmicro apex One
CPEs cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*
Vendors & Products Trendmicro apex One

Tue, 05 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
First Time appeared Trendmicro
Trendmicro apexone Server
Weaknesses CWE-78
CPEs cpe:2.3:a:trendmicro:apexone_server:14.0.0.14039:*:*:*:*:*:*:*
Vendors & Products Trendmicro
Trendmicro apexone Server
References
Metrics cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2025-08-18T16:20:23.791Z

Reserved: 2025-08-01T14:13:10.297Z

Link: CVE-2025-54948

cve-icon Vulnrichment

Updated: 2025-08-05T14:17:21.380Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-05T13:15:28.487

Modified: 2025-08-19T01:00:02.773

Link: CVE-2025-54948

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.