What the vulnerability does
01Description
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
CVSS base score
9.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CISA mandated remediation
02CISA Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Key dates
03Disclosure timeline
August 5, 2025
CVE published
October 21, 2025
Record updated
External resources
04References
NVD — National Vulnerability Database
https://nvd.nist.gov/vuln/detail/CVE-2025-54948
CWE — Common Weakness Enumeration
https://cwe.mitre.org/data/definitions/78.html
CISA KEV Reference
https://success.trendmicro.com/en-US/solution/KA-0020652
CISA KEV Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-54948
Related vulnerabilities
05Related CVE
CVE-2023-3572 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
CVE-2026-7204 Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVE-2026-1723 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability
CVE-2026-34796 Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
