Alerts
Critical Vulnerabilities in Trend Micro Endpoint Security Products
7 August 2025
Trend Micro has released a mitigation tool addressing critical vulnerabilities in its endpoint security products. Users and administrators are advised to apply the FixTool as a short-term mitigation measure.
Background
Trend Micro has released a mitigation tool addressing critical vulnerabilities (CVE-2025-54948 and CVE-2025-54987, depending on the CPU architecture) in its endpoint security products.
Impact
Successful exploitation of the command injection vulnerabilities could allow a pre-authenticated remote attacker to upload malicious code and perform remote code execution.
Known Exploitation
One of the vulnerabilities has reportedly been exploited in the wild.
Affected Products
These vulnerabilities affect:
- Trend Micro Apex One (on-premise)
- Trend Micro Apex One as a Service
- Trend Vision One Endpoint Security - Standard Endpoint Protection
For Trend Micro Apex One as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection, Trend Micro has deployed the necessary mitigations.
Recommendations
Users and administrators of Apex One (on-premise) are advised to apply the FixTool as a short-term mitigation measure, even if this means temporarily losing remote management capabilities. Administrators are also advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date. Trend Micro is planning to release security updates in mid-August 2025, and users and administrators are advised to update to the latest versions when they become available.
References
https://success.trendmicro.com/en-US/solution/KA-0020652
https://nvd.nist.gov/vuln/detail/CVE-2025-54948