Skip to content
Safeguarding Technovate: Your Digital FortressExplore Cutting-Edge Tech

Trend Micro Acts on Critical Apex One Vulnerabilities, CISA Issues BOD

Trend Micro moves fast to patch critical Apex One flaws. CISA orders federal agencies to follow suit, emphasizing the urgency of the situation.

 and  Administrator
1 min read
Here in this picture we can see an insect present on the floor.
Here in this picture we can see an insect present on the floor.

Trend Micro Acts on Critical Apex One Vulnerabilities, CISA Issues BOD

Trend Micro has swiftly responded to critical vulnerabilities in its Apex One on-premise solutions. The cybersecurity firm has deployed mitigations and provided a temporary fix tool, with a full patch expected by mid-August. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive (BOD) ordering federal agencies to fix these vulnerabilities by September 08, 2025.

The vulnerabilities, identified as CVE-2025-54948 and CVE-2025-54987, are command injection remote code execution (RCE) issues affecting the Apex One Management Console. These flaws allow pre-authenticated remote attackers to upload malicious code and execute commands on affected installations. Both vulnerabilities are actively exploited in the wild.

CISA has added CVE-2025-54948 to its Known Exploited Vulnerabilities catalog, underscoring the urgency for remediation. Trend Micro has released fixes for these critical issues, but users are advised to apply them as soon as possible to protect their systems. In a separate development, CISA has also added CVE-2025-4008, a command injection vulnerability affecting Smartbedded Meteobridge, to its catalog. Federal Civilian Executive Branch agencies are required to apply necessary updates by October 23, 2025.

The timely response from Trend Micro and the directive from CISA highlight the importance of prompt action in addressing critical vulnerabilities. Users of Apex One on-premise solutions are urged to apply the available fixes immediately to mitigate potential risks. As for the Meteobridge vulnerability, agencies are working towards a fix by the specified deadline.

Read also:

Related

Latest