Published Apr 15, 2026 · Updated May 18, 2026 · 1 source

Critical Directory Traversal Flaw in TrendAI Apex One Console Allows Unauthenticated RCE

A critical directory traversal vulnerability (CVE-2025-54987) in TrendAI Apex One Console allows unauthenticated remote attackers to execute arbitrary code through the console service, which listens on TCP ports 8080 and 4343.

A critical directory traversal vulnerability (CVE-2025-54987) in TrendAI Apex One Console allows remote attackers to execute arbitrary code without authentication. The flaw, disclosed by Zero Day Initiative on April 15, 2026, carries a CVSS score of 9.8, placing it at the top of the critical severity range.

The vulnerability resides in the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issue stems from improper validation of user-supplied paths before using them in file operations. An attacker can exploit this to execute arbitrary code in the context of the IUSR account, leading to full system compromise.
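The defect class described above is a file operation that trusts a user-supplied path. The following Python snippet is an added illustration, not code from Apex One or from the advisory: it places the vulnerable join-and-use pattern beside a hardened resolver that decodes, rejects absolute and drive-prefixed paths, normalises, and then requires the result to stay inside the intended root. The root directory, function names and sample paths are assumptions constructed for the demonstration.

```python
import os
from pathlib import PureWindowsPath
from typing import Optional
from urllib.parse import unquote

# Constructed web root used only for this demonstration.
WEB_ROOT = "/srv/console/www"


def resolve_unsafe(root: str, user_path: str) -> str:
    """Vulnerable pattern: the user-supplied path is joined to the root and
    normalised with no containment check, so '..' segments walk out of root."""
    return os.path.normpath(os.path.join(root, user_path))


def resolve_safe(root: str, user_path: str) -> Optional[str]:
    """Hardened pattern. Returns the absolute on-disk path if and only if the
    requested path stays inside `root`; otherwise returns None.

    Steps: decode twice (catches %252e-style double encoding), fold
    backslashes to forward slashes so both separators are treated alike,
    reject NUL bytes, absolute paths, UNC prefixes and Windows drive letters,
    then normalise and compare the common prefix against the root itself.
    """
    decoded = unquote(unquote(user_path)).replace("\\", "/")
    if "\x00" in decoded:
        return None
    if decoded.startswith("/") or PureWindowsPath(decoded).drive:
        return None

    root_abs = os.path.abspath(root)
    candidate = os.path.abspath(os.path.join(root_abs, decoded))

    # commonpath, not startswith: "/srv/console/wwwroot" starts with
    # "/srv/console/www" but is not inside it.
    try:
        common = os.path.commonpath([root_abs, candidate])
    except ValueError:  # mixed absolute/relative or different drives
        return None
    return candidate if common == root_abs else None


if __name__ == "__main__":
    # Constructed request paths: benign, classic traversal, double-encoded,
    # backslash-separated and drive-prefixed.
    for requested in ("images/logo.png",
                      "../../../etc/passwd",
                      "%252e%252e/%252e%252e/secret",
                      "..\\..\\windows\\win.ini",
                      "C:/windows/win.ini"):
        print(f"{requested!r:40} unsafe={resolve_unsafe(WEB_ROOT, requested)!r:30} "
              f"safe={resolve_safe(WEB_ROOT, requested)!r}")
```

The important design choice is that the check runs on the fully decoded, normalised candidate and compares directory identity with `os.path.commonpath` rather than a string prefix; a string-prefix check is the usual way such filters are bypassed with sibling directories that share a name prefix with the root.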

TrendAI has released a security update to address the vulnerability. Users are urged to apply the patch immediately. The advisory credits Charles Yang of CoreCloud Tech for discovering the flaw.

The disclosure timeline shows the vulnerability was reported to TrendAI on August 26, 2025, with coordinated public release on April 15, 2026. This coordinated release follows standard responsible disclosure practices.

This vulnerability poses a significant risk to organizations using TrendAI Apex One for endpoint security. The ability to execute code remotely without authentication could allow attackers to gain a foothold in enterprise networks, potentially leading to data breaches or ransomware deployment.

Organizations should prioritize patching this vulnerability, especially if the Apex One console is exposed to the internet. Network segmentation and access controls can mitigate risk until patches are applied.
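Until the patch is applied, a defender will also want to know whether the console ports have already seen traversal attempts. The following Python detector is an added example, not part of the advisory or of any vendor tooling: it reads web-server access log lines, percent-decodes the request path repeatedly to defeat double encoding, and flags requests on the console ports (8080 and 4343, as named above) whose decoded path contains a `..` segment. The simplified W3C-style field layout and the sample lines are constructed for the example and are not real Apex One log output; the client addresses are documentation ranges.

```python
import re
from urllib.parse import unquote

# Default console ports named in the advisory.
CONSOLE_PORTS = {8080, 4343}

# A ".." segment bounded by a separator (or start/end) after decoding.
TRAVERSAL = re.compile(r"(?:^|[^\w.])\.\.(?:/|$)")

# Constructed sample lines (assumed layout, not a real Apex One log):
# date time c-ip s-port cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2026-04-16 09:01:02 203.0.113.7 8080 GET /console/index.html - 200
2026-04-16 09:01:05 203.0.113.7 8080 GET /console/..%2f..%2fwindows/win.ini - 200
2026-04-16 09:01:09 198.51.100.3 4343 GET /console/download file=%252e%252e%252fsecret 200
2026-04-16 09:02:11 192.0.2.9 80 GET /../../etc/passwd - 404
2026-04-16 09:03:00 203.0.113.7 8080 GET /console/img/logo.png - 200
"""


def normalise(raw: str, rounds: int = 3) -> str:
    """Percent-decode up to `rounds` times (stops early once stable) and fold
    backslashes to forward slashes so one regex covers both separators."""
    s = raw
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s.replace("\\", "/")


def parse_line(line: str):
    """Split one log line into a record; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 8:
        return None
    date, time, client, port, method, stem, query, status = parts
    return {
        "ts": f"{date} {time}",
        "client": client,
        "port": int(port),
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else query,
        "status": int(status),
    }


def find_traversal(log_text: str):
    """Return (timestamp, client, port, decoded_target, status) for every
    request to a console port whose decoded path or query contains '..'."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["port"] not in CONSOLE_PORTS:
            continue
        target = rec["stem"] + ("?" + rec["query"] if rec["query"] else "")
        target = normalise(target)
        if TRAVERSAL.search(target):
            findings.append((rec["ts"], rec["client"], rec["port"], target, rec["status"]))
    return findings


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

Two hits are expected from the sample: the single-encoded request on 8080 and the double-encoded query parameter on 4343; the request on port 80 is outside the scoped ports and is ignored. A status of 200 on a flagged line is the signal to treat the host as possibly compromised rather than merely probed.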

The discovery highlights the ongoing challenge of securing enterprise management consoles, which often have broad access to sensitive systems. As attackers increasingly target these interfaces, vendors must ensure robust input validation and authentication mechanisms.

Synthesized by Vypr AI