【資安漏洞預警】趨勢科技旗下Apex One管理控制台存在2個重大資安漏洞

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】趨勢科技旗下Apex One管理控制台存在2個重大資安漏洞 [Security Vulnerability Warning] Trend Micro's Apex One management console has two major security vulnerabilities
公告內容	轉發台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202508-00000002 [內容說明] Apex One是趨勢科技旗下一款端點安全整合式方案，提供集中式管理功能，可有效防護企業端點免受各種網路安全威脅侵害。日前，趨勢科技發布2個重大資安漏洞(CVE-2025-54948，CVSS：9.4 和CVE-2025-54987，CVSS：9.4 )，皆屬於作業系統指令注入漏洞，允許預授權的遠端攻擊者上傳惡意程式碼並執行命令。 [影響平台] Apex One (on-prem) 2019 14.0.0.14039(含)之前版本 [建議措施] 根據官方網站釋出解決方式進行修補： https://success.trendmicro.com/en-US/solution/KA-0020652 [參考資料] https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202508-00000002) [Description] Apex One is an integrated endpoint security solution from Trend Micro that provides centralized management capabilities and effectively protects enterprise endpoints from various cybersecurity threats. Trend Micro recently released two critical security vulnerabilities (CVE-2025-54948, CVSS: 9.4 and CVE-2025-54987, CVSS: 9.4). Both are operating system command injection vulnerabilities that allow pre-authenticated remote attackers to upload malicious code and execute commands. [Affected Platforms] Apex One (on-prem) 2019 versions 14.0.0.14039 and earlier [Recommended Action] Patch according to the solution released on the official website: https://success.trendmicro.com/en-US/solution/KA-0020652 [References] https://www.twcert.org.tw/tw/cp-169-10314-4907b-1.html
相關訊息	官方釋出解決方式參考資料
公告時間	2025/8/7 至 2026/2/7	點閱次數	58