CVE-2025-54948

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 01, 2025
Published Date: August 05, 2025
Last Updated: October 21, 2025
Vendor: Trend Micro, Inc.
Product: Trend Micro Apex One
Description: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Tags

CVSS Scores

CVSS v3.1

9.4 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:38:51 UTC) Source

References

https://success.trendmicro.com/en-US/solution/KA-0020652

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:38:51 UTC

Timeline

CVE ID Reserved

August 01, 2025
CVE Published to Public

August 05, 2025
Added to KEVIntel

June 01, 2026