Known exploited
Trend Micro
CVE published 2025-08-18
CVE-2025-54948
CVE-2025-54948 is an OS command injection vulnerability in Trend Micro Apex One. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-08-18, which means there is evidence of active exploitation. For defenders, this is a high-priority issue: check your Apex One exposure, apply Trend Micro’s mitigations, and follow the CISA deadline guidance if you cannot remediate immediately.