- Trend Micro warns its customers about a critical-severity flaw in its endpoint security solution
- It released a mitigation while it works on a patch
- Customers are advised to apply the mitigations as soon as possible
Trend Micro is warning customers of an ongoing attack that abuses a critical-severity vulnerability in one of its products.
The company said it recently discovered a command injection vulnerability in the on-premises version of the Apex One Management Console, an advanced endpoint security solution designed to protect enterprise networks from a wide range of threats.
The vulnerability is tracked as either CVE-2025-54948 or CVE-2025-54987, depending on the CPU architecture, and was assigned a severity score of 9.4/10 (critical). It allows threat actors to remotely run arbitrary code, including malware.
Working on a patch
Trend Micro said it aims to release a patch in mid-August 2025, which should also restore the function that the interim mitigation disables.
“For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied,” the company said.
“However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.”
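The "source restrictions" the vendor refers to are simply host or network firewall rules that allow only administrative networks to reach the management console. The following nftables ruleset is an added example, not configuration from Trend Micro or the article; it assumes the console listens on TCP port 4343 and that the administrative subnet is 10.0.50.0/24, both of which are placeholders to be replaced with the values from your own deployment.

```nft
# Added example: restrict inbound access to the Apex One management console
# to an administrative subnet, logging and dropping everything else.
# Assumptions (placeholders): console port 4343, admin subnet 10.0.50.0/24.
define CONSOLE_PORT = 4343

table inet apexone_console {
    set admin_nets {
        type ipv4_addr
        flags interval
        elements = { 10.0.50.0/24 }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Keep replies to connections the host itself initiated working.
        ct state established,related accept

        # Console access is permitted only from the administrative networks.
        tcp dport $CONSOLE_PORT ip saddr @admin_nets accept

        # Any other source reaching the console port is logged and dropped,
        # which also gives the SOC a counter to watch for scanning activity.
        tcp dport $CONSOLE_PORT log prefix "apexone-console-denied " counter drop
    }
}
```

Load it with `nft -f <file>` and confirm the counter on the drop rule with `nft list ruleset`; a rising count on that rule is a useful signal that the console is being probed from outside the allowed networks. Restricting the source also does not replace the patch, since any host inside the admin subnet can still reach the vulnerable console.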
So far, the company has seen at least one attack taking place in the wild, although it did not detail where, against whom, whether it was successful, or who the threat actors are.
Since Apex One is mostly used in enterprise environments, and the bug allows remote code execution, it is safe to assume miscreants are using it to drop infostealers and ransomware encryptors, while stealing sensitive data for extortion.
With the flaws now being abused in the wild, Trend Micro released a mitigation measure to help protect its customers while it works on a patch. The mitigation, according to the Japanese CERT, prevents admins from using the Remote Install Agent function to deploy agents from the console.
Via BleepingComputer