CISA Alerts on Exploitation of Trend Micro Apex One OS Command Injection Vulnerability in Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a high-severity OS command injection vulnerability in the Trend Micro Apex One Management Console, tracked as CVE-2025-54948. This vulnerability, classified under CWE-78, poses significant risks to organisations running on-premises installations of the enterprise security platform. CISA confirms that remote attackers can execute OS commands on these systems without authentication. The agency strongly advises organisations to patch the vulnerability immediately or discontinue use of the affected products if patches are unavailable.
CVE-2025-54948 gives pre-authenticated remote attackers a dangerous attack vector, enabling them to upload arbitrary code and execute system commands on affected installations. The flaw arises from insufficient input validation within the management console interface, which allows attackers to inject malicious OS commands through specially crafted requests. Once exploited, the vulnerability lets attackers execute arbitrary commands with the application’s privileges, effectively bypassing security controls and gaining unauthorised access to sensitive systems. CISA has added CVE-2025-54948 to its Known Exploited Vulnerabilities Catalog, with a mandatory remediation deadline for federal agencies set for September 8, 2025.
Categories: Vulnerability Management, Cybersecurity Threats, Software Exploitation
Tags: CISA, CVE-2025-54948, Trend Micro, Apex One, OS Command Injection, Vulnerability, Remote Code Execution, Pre-authenticated Access, Security Advisory, Mitigation