Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.
The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.
“A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations,” the cybersecurity company said in a Tuesday advisory.
While both shortcomings are essentially the same, CVE-2025-54987 targets a different CPU architecture. The Trend Micro Incident Response (IR) Team and Jacky Hsieh at CoreCloud Tech have been credited with reporting the two flaws.
According to ZeroPath, CVE-2025-54948 stems from a lack of sufficient input validation in the management console’s backend, thereby allowing a remote attacker with access to the management console interface to craft payloads that inject malicious operating system commands and result in remote code execution.
There are currently no details on how the issues are being exploited in real-world attacks. Trend Micro said it “observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.”
Mitigations for Trend Micro Apex One as a Service and Trend Vision One Endpoint Security – Standard Endpoint Protection have already been deployed as of July 31, 2025. A short-term solution for on-premise versions is available in the form of a fix tool. A formal patch for the vulnerabilities is expected to be released in mid-August 2025.
However, Trend Micro pointed out that while the tool fully protects against known exploits, it will disable the ability for administrators to use the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console. It emphasized that other agent install methods, such as UNC path or agent package, are unaffected.
“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” the company said. “In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”
Another prerequisite for successful exploitation is that the attacker must have access to the Trend Micro Apex One Management Console. Therefore, customers that have their console’s IP address exposed externally are recommended to implement source restrictions if not already applied.