Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.

The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.

“A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations,” the cybersecurity company said in a Tuesday advisory.

While both shortcomings are essentially the same, CVE-2025-54987 targets a different CPU architecture. The Trend Micro Incident Response (IR) Team and Jacky Hsieh at CoreCloud Tech have been credited with reporting the two flaws.

There are currently no details on how the issues are being exploited in real-world attacks. Trend Micro said it “observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.”

Mitigations for Trend Micro Apex One as a Service have already been deployed as of July 31, 2025. A short-term solution for on-premise versions is available in the form of a fix tool. A formal patch for the vulnerabilities is expected to be released in mid-August 2025.

However, Trend Micro pointed out that while the tool fully protects against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. It emphasized that other agent install methods, such as UNC path or agent package, are unaffected.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” the company said. “In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”
