Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Trend Micro Apex One Command Injection Remote Code Execution Vulnerability

Vulnerability

A command injection vulnerability allowing pre-authenticated remote code execution has been identified in the Trend Micro Apex One (on-premise) management console, specifically in the 2019 version and Management Server Version 14039. This vulnerability arises from improper handling of user input, which could enable an attacker to upload malicious code and execute commands on the affected system. Notably, this vulnerability targets a different CPU architecture than a similar issue documented as CVE-2025-54948.

Impact

Exploitation of this vulnerability allows for command injection, with the potential for remote code execution on the affected system.

Remediation

Trend Micro has released a short-term mitigation tool, FixTool_Aug2025, which is now available for download. This tool protects against known exploits but temporarily disables the Remote Install Agent function. A formal Critical Patch is expected to be released in mid-August 2025, which will restore the Remote Install Agent functionality if applied after the FixTool.

Added: Aug 5, 2025, 1:17 PM
Updated: Aug 5, 2025, 2:42 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 7.5
exploitability: 6.6
remediation: 7.7
relevance: 0.3
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.