Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, the company has warned on Wednesday. Unfortunately for those organizations that use it, a patch is still in the works and is expected to be released around the middle of August 2025. But the company has provided a “fix tool” that mitigates the risk of exploitation in the short term – though … More

The post Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) appeared first on Help Net Security.