CVE-2025-54948
Published: 05 August 2025
Summary
CVE-2025-54948 is a critical-severity OS Command Injection (CWE-78) vulnerability in Trend Micro Apex One. Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 5.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the management console of Trend Micro Apex One (on-premise) permits a pre-authenticated remote attacker to upload malicious code and execute operating system commands on affected installations. The flaw is tracked as CVE-2025-54948 with a CVSS 3.1 score of 9.4 and is categorized under CWE-78 for improper neutralization of special elements used in an OS command.
An unauthenticated network attacker can exploit the issue without user interaction to achieve code execution with high impact on confidentiality and availability and limited impact on integrity. Because the attack requires no prior authentication, it can be launched directly against exposed management consoles.
The vendor advisory at success.trendmicro.com recommends applying the fixes referenced in solution KA-0020652. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming in-the-wild exploitation and directing organizations to prioritize remediation.
EPSS scores for the vulnerability rose from a low baseline to a peak of 0.2244 with a current value of 0.1389, indicating growing exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23621
Vulnerability details
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
- CWE(s): CWE-78
- KEV Date Added: 18 August 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An OS command injection that yields remote code execution in a public-facing management console directly enables exploitation via T1190 (Exploit Public-Facing Application) and command execution via T1059 (Command and Scripting Interpreter).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely identification, reporting, and patching of flaws like CVE-2025-54948 to eliminate the command injection vulnerability in the Apex One management console.
- SI-10 (Information Input Validation): Mandates validation of all inputs to prevent OS command injection exploits, such as the malicious code upload in CVE-2025-54948.
- Enables proactive scanning to identify vulnerabilities like CVE-2025-54948 in the management console, supporting timely remediation.
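To make the CWE-78 pattern and the SI-10 mitigation concrete, the following is an added, constructed illustration; it is not Trend Micro code and does not reproduce the Apex One defect, whose vulnerable endpoint and parameter this page does not describe. It models a generic console feature that takes a host name from a request and builds a diagnostic command from it: the vulnerable form concatenates the untrusted value into a shell string, while the hardened form validates the value against an allowlist (the `_HOST_RE` pattern is an assumption) and builds an argv list so that no shell ever parses the input.

```python
"""CWE-78 (OS command injection) beside its SI-10 (input validation) fix.

Constructed example, not Trend Micro code. It models a management-console
feature that accepts a host name from an HTTP request and runs a diagnostic
command with it; nothing here executes unless run_hardened() is called.
"""
import re
import subprocess

# Allowlist for a host name or IPv4 address (constructed pattern): labels of
# letters, digits and hyphens, separated by dots, at most 253 characters.
# Because the first character must be alphanumeric, values that start with
# '-' (which a command would parse as an option) are rejected as well.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_command_vulnerable(host: str) -> str:
    """CWE-78 pattern: untrusted input concatenated into a shell command.

    If this string were passed to subprocess.run(..., shell=True), shell
    metacharacters in `host` (';', '&&', '|', '$()') would be interpreted
    by the shell. The string is only returned here, never executed.
    """
    return f"ping -c 1 {host}"


def is_valid_host(host: str) -> bool:
    """SI-10 style allowlist check: True only for a plain host name or IP."""
    return _HOST_RE.fullmatch(host) is not None


def validate_host(host: str) -> str:
    """Reject anything outside the allowlist; raise rather than sanitize."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def build_command_hardened(host: str) -> list[str]:
    """Validate first, then build an argv list.

    With a list and shell=False, the operating system receives the value as
    a single argument: no shell parses it, so no metacharacter is special.
    """
    safe = validate_host(host)
    return ["ping", "-c", "1", safe]


def run_hardened(host: str, timeout: float = 5.0) -> int:
    """Execute the hardened command without a shell (not used by the tests)."""
    argv = build_command_hardened(host)
    completed = subprocess.run(
        argv, shell=False, timeout=timeout, capture_output=True, check=False
    )
    return completed.returncode


def classify(values: list[str]) -> dict[str, bool]:
    """Map each candidate input to whether the allowlist would accept it."""
    return {value: is_valid_host(value) for value in values}


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate hosts, three injection shapes.
    samples = ["10.0.0.1", "console.example.internal", "10.0.0.1; id",
               "$(id)", "-f"]
    for value, accepted in classify(samples).items():
        print(f"{value!r:30} accepted={accepted}")
    print("vulnerable string:", build_command_vulnerable("10.0.0.1; id"))
    print("hardened argv:    ", build_command_hardened("10.0.0.1"))
```

The allowlist is the control that matters: escaping with `shlex.quote` would neutralize the shell string for this one case, but it leaves the shell in the path and protects nothing if a later change passes the value to a different interpreter. Rejecting invalid input outright, and logging the rejection, also gives the console a detection signal for T1190 attempts against the affected feature.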