CRITICAL🇵🇱 Wersja polska

CVE-2025-54987

CVSS 9.4v3.1pub. 2025-08-05upd. 2025-08-12

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  • Trendmicro Apex One

    APP
    Trendmicro
    2019
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2025-54948CRITICAL9.4⚠ KEVPL ✓ten sam produkt

Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia

CVE-2022-26871CRITICAL9.8⚠ KEVten sam produkt

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attac...

CVE-2020-8599CRITICAL9.8⚠ KEVten sam produkt

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote a...

CVE-2023-32557CRITICAL9.8ten sam produkt

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenti...

CVE-2023-25143CRITICAL9.8ten sam produkt

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an ...