[Security Vulnerability Warning] Trend Micro's Apex One management console has two major security vulnerabilities

Issued by: Digital Services Section, Office of Library and Information Services
Date range: 2025/8/7 ~ 2026/2/7
 

Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), reference TWCERTCC-200-202508-00000002

[Description]
Apex One is an integrated endpoint security solution from Trend Micro that provides centralized management and protects enterprise endpoints from a range of cybersecurity threats. Trend Micro recently disclosed two critical security vulnerabilities (CVE-2025-54948, CVSS 9.4, and CVE-2025-54987, CVSS 9.4). Both are operating system command injection vulnerabilities that allow a pre-authenticated remote attacker to upload malicious code and execute commands.

[Affected Platforms]
Apex One (on-prem) 2019, version 14.0.0.14039 and earlier

[Recommended Action]
Patch according to the solution released on the official website:

https://success.trendmicro.com/en-US/solution/KA-0020652

[References]
https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html

