Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch available.
Trend Micro last week warned Apex One 2019 customers about CVE-2025-54948 and CVE-2025-54987 , both with a CVSS score of 9.4 and both present in the platform’s web-based managed console.
According to the company, remote attackers with access to the management console can exploit the vulnerabilities to upload malicious code and execute commands on the affected machines. Trend Micro said the two flaws are identical, save for their impact on different CPU architectures – we’re pretty sure that means x86 and Arm.
Unfortunately for customers using Apex One 2019 Management Server vers