9.8
CVE-2025-54948
- EPSS 20.79%
- Veröffentlicht 05.08.2025 13:15:28
- Zuletzt bearbeitet 31.10.2025 14:42:24
- Quelle security@trendmicro.com
- CVE-Watchlists
- Unerledigt
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Apex One Version2019 SwEditionon-premises SwPlatformwindows
18.08.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Trend Micro Apex One OS Command Injection Vulnerability
SchwachstelleTrend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.79% | 0.972 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@trendmicro.com | 9.4 | 3.9 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://success.trendmicro.com/en-US/solution/KA-0020652
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948