Attacks on Trend Micro Apex One Management Console observed

Attackers are currently targeting two “critical” vulnerabilities in Trend Micro Apex One Management Console (on premise) under Windows. A preliminary security update is available, but it comes with restrictions. The IT security software provider states that they have already documented attack attempts.

Patch now!

According to the developers, Trend Micro Apex One (On-Premise) 2019 up to and including Management Server version 14039 is specifically under threat. In a warning message, they state that the on-premise version is equipped against the attacks with the FixTool_Aug2025 patch.

According to them, however, this is a temporary update that protects systems but has one limitation: After installation, admins can no longer use the “Remote Install Agent” function for deploying agents via the Trend Micro Apex One management console. Trend Micro assures that the full patch will be released without restrictions in mid-August.

It is not yet clear to what extent the attacks are taking place and how admins can recognize systems that have already been attacked. According to the developers, the as-a-service version of the protection software has been secured since the end of July.

According to the descriptions of the two vulnerabilities (CVE-2025-54948, CVE-2025-54987), attacks can be carried out remotely. However, attackers must be “pre-authenticated” for this, the developers write. If this is the case, they can upload and execute their code. Due to the critical classification, it can be assumed that systems are then completely compromised.

In July, Trend Micro closed several vulnerabilities in Cleaner One Pro, among others.

(des)