CVE-2025-54948 PUBLISHED

Assigner: trendmicro
Reserved: 01.08.2025 Published: 05.08.2025 Updated: 18.08.2025

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CVSS Score: 9.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Trend Micro, Inc.
Product	Trend Micro Apex One
Versions	affected from 2019 (14.0) to 14.0.0.14039 (excl.)

References

https://success.trendmicro.com/en-US/solution/KA-0020652

CVE-2025-54948 PUBLISHED

Metrics

Product Status

References

Problem Types