Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Trend Micro Apex One Command Injection Remote Code Execution Vulnerability

Vulnerability

A command injection vulnerability allowing pre-authenticated remote code execution has been identified in the Trend Micro Apex One (on-premise) management console, specifically in version 2019, Management Server Version 14039. This vulnerability arises from improper handling of user input, which could enable an attacker to upload malicious code and execute commands on the affected system.

Impact

Exploitation of this vulnerability allows for command injection, enabling remote execution of arbitrary commands on the affected system with the privileges of the Apex One management console.

Remediation

Trend Micro has released a short-term mitigation tool for this vulnerability, available as 'FixTool_Aug2025'. This tool protects against known exploits but temporarily disables the Remote Install Agent function. A formal Critical Patch is expected to be released in mid-August 2025, which will restore the Remote Install Agent functionality if applied after the FixTool.

Added: Aug 5, 2025, 1:20 PM
Updated: Aug 18, 2025, 2:07 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 6.6
remediation: 7.7
relevance: 0.3
threat: 8.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.