JPCERT-AT-2025-0016
JPCERT/CC
2025-08-06(Initial)
2025-08-18(Update)
If these vulnerabilities are exploited, an unauthenticated attacker may execute arbitrary code. Trend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observed in the wild.
Since the vulnerabilities are already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro.
Trend Micro Incorporated
ITW CRITICAL SECURITY BULLETIN: Trend Micro Apex One (On-Premise) Management Console Command Injection RCE Vulnerabilities
https://success.trendmicro.com/en-US/solution/KA-0020652
Trend Micro Incorporated
[Important Notice] Respond to Confirmed Attacks Exploiting Vulnerabilities in Trend Micro Endpoint Security Products (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=5564
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
- Trend Vision One Endpoint Security - Standard Endpoint Protection
As for Trend Micro Apex One as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection, the vulnerabilities have already been mitigated in the July 31, 2025 updates.
Trend Micro Incorporated
ITW CRITICAL SECURITY BULLETIN: Trend Micro Apex One (On-Premise) Management Console Command Injection RCE Vulnerabilities
https://success.trendmicro.com/en-US/solution/KA-0020652
Trend Micro Incorporated
[Important Notice] Respond to Confirmed Attacks Exploiting Vulnerabilities in Trend Micro Endpoint Security Products (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=5564
Japan Vulnerability Notes JVNVU#92409854
Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection
https://jvn.jp/en/vu/JVNVU92409854/
If you have any information regarding this alert, please contact JPCERT/CC.
2025-08-18 Updated "III. Solution"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2025-08-06(Initial)
2025-08-18(Update)
I. Overview
On August 6, 2025, Trend Micro has released the information regarding vulnerabilities (CVE-2025-54948, CVE-2025-54987) in the management console of multiple endpoint security products for enterprises.If these vulnerabilities are exploited, an unauthenticated attacker may execute arbitrary code. Trend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observed in the wild.
Since the vulnerabilities are already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro.
Trend Micro Incorporated
ITW CRITICAL SECURITY BULLETIN: Trend Micro Apex One (On-Premise) Management Console Command Injection RCE Vulnerabilities
https://success.trendmicro.com/en-US/solution/KA-0020652
Trend Micro Incorporated
[Important Notice] Respond to Confirmed Attacks Exploiting Vulnerabilities in Trend Micro Endpoint Security Products (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=5564
II. Affected Products
Affected products and versions are as follows:- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
- Trend Vision One Endpoint Security - Standard Endpoint Protection
As for Trend Micro Apex One as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection, the vulnerabilities have already been mitigated in the July 31, 2025 updates.
III. Solution
The users of Trend Micro Apex One On Premise (2019) are recommended to apply Fixtool. Trend Micro is planning to release a Critical Patch as permanent measures in mid-August 2025. Please refer to the information provided by Trend Micro for details.Update: August 18, 2025 Update
On August 18, 2025, Trend Micro released the patch SP1 CP B14081 to address these vulnerabilities. Please apply the patch according to the information provided by Trend Micro.
IV. References
Trend Micro Incorporated
ITW CRITICAL SECURITY BULLETIN: Trend Micro Apex One (On-Premise) Management Console Command Injection RCE Vulnerabilities
https://success.trendmicro.com/en-US/solution/KA-0020652
Trend Micro Incorporated
[Important Notice] Respond to Confirmed Attacks Exploiting Vulnerabilities in Trend Micro Endpoint Security Products (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=5564
Japan Vulnerability Notes JVNVU#92409854
Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection
https://jvn.jp/en/vu/JVNVU92409854/
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2025-08-06 First edition2025-08-18 Updated "III. Solution"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
