CVE-2025-54987 PUBLISHED

Assigner: trendmicro
Reserved: 04.08.2025 Published: 05.08.2025 Updated: 06.08.2025

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CVSS Score: 9.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Trend Micro, Inc.
Product	Trend Micro Apex One
Versions	affected from 2019 (14.0) to 14.0.0.14039 (excl.)

References

https://success.trendmicro.com/en-US/solution/KA-0020652

CVE-2025-54987 PUBLISHED

Metrics

Product Status

References

Problem Types