CVE-2025-54948

ENISA EUVD: EUVD-2025-23621 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 3 articles Published: 2025-08-05
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
6.88%
probability
This CVE has a 6.88% probability of being exploited in the next 30 days.
0% Top 91.5th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9.4
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Description

VulnerabilityLookup (CNA)
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Affected Products

Trend Micro, Inc.
Trend Micro Apex One
2019 (14.0)

Signal Intelligence

Confidence
85%
EPSS 6.88%
CVSS v3.1 9.4
Mentions 3
Last Seen May 22, 2026

CNA Information

CNA Assigner
trendmicro

Analyst Note

CVE-2025-54948 is a 2025 vulnerability in Trend Micro Apex One with a CRITICAL CVSS score. The BleepingComputer article explicitly states 'Trend Micro warns of Apex One zero-day exploited in attacks,' confirming active exploitation in the wild. The recent publication date (2025-08-05) combined with explicit zero-day designation in authoritative reporting and active exploitation documentation supports confirmed zero-day classification.

Threat Actors 6

Hacking Team
apt_group 🇮🇹 IT
Infy
apt_group Information theft and espionage 🇮🇷 IR
RomCom
apt_group Financial gain 🇷🇺 RU
Rocke
apt_group 🇨🇳 CN
Void Rabisu
apt_group Financial gain 🇷🇺 RU
Mana Team
apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026
Published DateAug 05, 2025