Trend Micro Issues Fix as Apex One Zero-Day Is Exploited

Trend Micro said a command-injection flaw in the on-premise version of its Apex One Management Console is being actively exploited, prompting the cybersecurity company to release an interim mitigation tool while it works on a permanent patch. The vulnerability, tracked as CVE-2025-54948 and CVE-2025-54987 and carrying a Common Vulnerability Scoring System rating of 9.4, allows remote code execution if attackers can reach the console’s interface. Although exploitation requires the console to be externally accessible, Trend Micro urged customers to install the mitigation immediately and restrict network exposure, noting it has already detected at least one in-the-wild attack. The company expects to publish a full software update in mid-August and advised enterprises to disable the Remote Install Agent function until the patch arrives.