Critical vulnerability in Trend Micro management console already exploited, workaround provided with questionable effectiveness

Management Console's critical vulnerability found exploitable, Trend Micro proposes a less than ideal remedy

Two developments lead this week's roundup. Trend Micro Apex One 2019 on-premise customers are dealing with critical vulnerabilities in the product's management console that are already being exploited, and the DarkCloud infostealer, a well-known piece of data-stealing malware, has resurfaced with a new infection chain.

Trend Micro's Apex One endpoint security platform has two critical vulnerabilities, CVE-2025-54948 and CVE-2025-54987, that are under active exploitation. Both carry a CVSS score of 9.4 and affect the platform's web-based Management Console. Until a patch is available, on-premise customers are advised to apply the short-term mitigation tool that Trend Micro released on August 5, 2025. The tool, FixTool_Aug2025.exe, blocks the known exploits for both vulnerabilities, but at a cost: it disables the Remote Install Agent function in the Apex One Management Console.

Restricting access to the Apex One Management Console is essential, especially where the console is reachable from the Internet. Because the exploit requires access to the console, IP source restrictions or other network perimeter controls that prevent unauthorized remote access cut off the attack path. On-premise customers should also prepare to deploy the official patch, which Trend Micro expects to publish around mid-August 2025; the advisory will be updated when it is available.
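One way to apply the source-IP restriction on the Apex One server itself, using the built-in Windows Defender Firewall. This is an added example, not Trend Micro's guidance or code from the advisory; the console port (TCP 4343), the admin subnet (10.10.50.0/24) and the rule name are assumptions to adjust for your deployment. The point a practitioner tends to miss is that Windows Firewall evaluates Block rules ahead of Allow rules, so a blanket "block the console port" rule would also defeat the scoped allow; the example instead relies on the profile's default inbound action and disables any broader Allow rule for the port.

```powershell
# Added example (not from Trend Micro or the article): scope inbound access to the
# Apex One Management Console using Windows Defender Firewall. Run elevated on the server.
# Assumptions: the console listens on TCP 4343 (HTTPS) and only the admin jump subnet
# 10.10.50.0/24 should reach it. Adjust both for your environment.
$ConsolePort  = 4343
$AdminSources = @('10.10.50.0/24')
$RuleName     = 'Apex One Console - admin subnet only'

# 1. Block rules win over Allow rules in Windows Firewall, so do NOT add a blanket block
#    for the port. Rely on the default inbound action (Block) for every profile instead.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Disable any existing inbound Allow rule for the console port, other than our own,
#    so that a pre-existing "allow from any" rule cannot bypass the scoped rule below.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq $ConsolePort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        Write-Host "Disabling broad rule: $($_.DisplayName)"
        Disable-NetFirewallRule -Name $_.Name
    }

# 3. Add a single Allow rule scoped to the admin sources only (idempotent on re-run).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $ConsolePort `
        -RemoteAddress $AdminSources -Action Allow -Profile Any -Enabled True | Out-Null
}

# 4. Verify: every inbound rule that touches the console port, with its remote scope.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq $ConsolePort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Action        = $_.Action
            RemoteAddress = $remote
        }
    } | Format-Table -AutoSize
```

The verification step should show only the scoped rule enabled, with RemoteAddress equal to the admin subnet; any enabled Allow rule whose RemoteAddress reads "Any" means the console is still reachable from everywhere. Host-level rules are a complement to, not a substitute for, the perimeter restriction the advisory asks for: if the console is published through a reverse proxy or NAT, the filtering also has to happen at that device.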

Apex One as a Service customers, however, are already protected automatically.

Meanwhile, the DarkCloud infostealer has resurfaced. The latest variant uses the ConfuserEx obfuscator and a VB6 payload in its infection chain. The chain depends entirely on the user: a phishing email delivers a RAR, TAR or 7Z archive, the victim downloads and extracts it, and then opens a JavaScript file found inside, which starts the infection.

The defensive advice differs for the two threats. Against the Apex One vulnerabilities, restrict management consoles and interfaces to authorized and trusted administrators only. Against DarkCloud, treat unexpected archive attachments with suspicion, always verify the source of downloaded files, and do not open script files extracted from them.
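The DarkCloud chain described above only works if the extracted JavaScript file actually executes when the user opens it, which on a default Windows install means wscript.exe. The following is an added example, not part of the article or any vendor guidance, of blunting that step on an endpoint: the .js and .jse file handlers are repointed to Notepad so that a double-click shows the script instead of running it. It assumes no user workflow relies on double-clicking script files and that the standard JSFile/JSEFile ProgIDs are in place; the Windows Script Host kill switch at the end is left commented out because it also breaks legitimate cscript/wscript use.

```powershell
# Added example (not from the article): make double-clicked .js/.jse files open in Notepad
# instead of executing under wscript.exe. Run elevated. Assumption: the machine uses the
# default JSFile/JSEFile ProgIDs and no legitimate workflow opens scripts by double-click.
$Handlers = 'JSFile', 'JSEFile'       # ProgIDs behind .js and .jse (VBSFile, WSFFile are candidates too)
$SafeCommand = '"%SystemRoot%\system32\notepad.exe" "%1"'

foreach ($progId in $Handlers) {
    $key = "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command"
    if (-not (Test-Path $key)) {
        Write-Warning "$progId is not registered on this host, skipping"
        continue
    }
    # Record the original handler (normally wscript.exe) so the change can be reverted.
    $before = (Get-ItemProperty -Path $key).'(default)'
    Write-Host "$progId open command was: $before"
    Set-ItemProperty -Path $key -Name '(default)' -Value $SafeCommand
}

# Per-user overrides under HKCU\Software\Classes take precedence over HKCR; flag any.
foreach ($progId in $Handlers) {
    $userKey = "HKCU:\Software\Classes\$progId\Shell\Open\Command"
    if (Test-Path $userKey) {
        Write-Warning "Per-user override exists for $progId at $userKey; review it"
    }
}

# Stronger, with more breakage risk: disable Windows Script Host machine-wide so that
# wscript.exe and cscript.exe refuse to run any script, however it was launched.
# Uncomment only after confirming no logon, deployment or management scripts need WSH.
# New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' `
#     -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

# Verify the handler change.
foreach ($progId in $Handlers) {
    $current = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command").'(default)'
    "{0,-8} -> {1}" -f $progId, $current
}
```

This changes what happens on a double-click from Explorer; it does not stop a script that another process launches with an explicit `wscript.exe file.js`, which is why the WSH setting is the stronger control. Apply the same treatment to VBSFile and WSFFile if other script types are a concern.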

In other news, Meta is adding scam protections to WhatsApp. When a user is added to a group, a screen now warns them to watch for scams and asks whether they trust the person who added them, and a button lets them leave the group without opening the chat. WhatsApp also cautions users when a message arrives from someone who is neither in their contact list nor in their contacts' contact lists.

Finally, the Bouygues Telecom data breach affected 6.4 million customers. The stolen data includes contact information, contract data and bank account information; bank card numbers and login credentials were not affected.


  1. Active exploitation of two critical vulnerabilities in the Trend Micro Apex One web-based Management Console (CVE-2025-54948 and CVE-2025-54987) is a concern for on-premise customers worldwide.
  2. Trend Micro expects to release a patch for both vulnerabilities in mid-August 2025.
  3. Until then, Trend Micro has released a short-term mitigation tool (FixTool_Aug2025.exe) that blocks the known exploits for both vulnerabilities.
  4. The tool disables the Remote Install Agent function in the Apex One Management Console.
  5. On-premise customers should restrict access to the Apex One Management Console, especially if it is exposed to the Internet.
  6. IP source restrictions or other network perimeter defenses should be used to prevent unauthorized remote access.
  7. The DarkCloud infostealer has resurfaced, with a new variant using ConfuserEx and a VB6 payload in its infection chain.
  8. Management consoles and interfaces should be restricted to authorized and trusted administrators only.
  9. Be wary of suspicious email attachments and always verify the source of downloaded files.
  10. Meta is helping WhatsApp users avoid scams with a warning screen for new group members and a button to leave a group without opening the chat.
  11. A data breach at Bouygues Telecom affected 6.4 million customers, exposing contact information, contract data and bank account information.
  12. Bank card and login data were not affected.
