ZDI 2026-04-15

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

CVE-2025-54948

Machine-generated analysis · WAYSCloud LLM

The vulnerability permits unauthenticated remote attackers to execute arbitrary code on Trend Micro Apex One via directory traversal.

Context

The affected product is Trend Micro Apex One Console. The vulnerability is a directory traversal issue that leads to remote code execution. Authentication is not required to exploit the vulnerability, as stated in the advisory. The ZDI assigned a CVSS rating of 9.8, indicating high severity based on the scoring system.

Operator considerations

Check: Determine if Trend Micro Apex One Console is deployed in the environment.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-54948.

Read the full advisory on ZDI →