Critical CVEs in Focus: What You Need to Patch Now

This post highlights four high-severity CVEs—Trend Micro Apex One, Android GPU drivers, Apple WebKit, and Gigabyte firmware—and explains how to safeguard your systems now.

  1. Trend Micro Apex One Command Injection (CVE-2025-54948 / CVE-2025-54987)
    1. What's happening: Trend Micro has disclosed critical command injection vulnerabilities (CVE-2025-54948 & CVE-2025-54987) impacting its Apex One Management Console. These flaws allow for remote code execution in enterprise environments, and at least one instance of active exploitation has already been observed.
    2. Action: While a patch is expected by mid-August, Trend Micro and Japan's CERT recommend immediately disabling the Remote Install Agent and restricting access to the console from untrusted networks.
  2. Google Fixes Qualcomm GPU Exploits in Android Update (CVE-2025-21479 & CVE-2025-27038)
    1. Overview: Google's August 2025 Android update includes patches for critical Qualcomm vulnerabilities, specifically CVE-2025-21479 (in the Graphics framework) and CVE-2025-27038 (in Adreno GPU drivers), both linked to memory corruption and unauthorized command execution.
    2. Risk level: These flaws were added to CISA's Known Exploited Vulnerabilities list, with federal agencies mandated to patch by June 24, 2025.
    3. Recommendation: Update Android devices immediately to receive these critical fixes.
  3. Apple WebKit Zero-Day Under Attack (CVE-2025-6558)
    1. Summary: Apple's iOS 18.6 and macOS 13.6 updates include a fix for CVE-2025-6558, a WebKit zero-day vulnerability actively exploited in the wild.
    2. Action: Users should install the update immediately via their device settings to prevent unauthorized code execution.
  4. Gigabyte UEFI Firmware Flaws (CVE-2025-7026 / 7027 / 7028 / 7029)
    1. Details: Security firm Binarly identified four critical vulnerabilities in Gigabyte motherboard UEFI firmware. These SMM-level flaws can bypass Secure Boot, allowing attackers to install firmware-level backdoors. While no exploitation cases are yet reported, over 100 motherboard models are impacted.
    2. Mitigation: Users should update firmware via Gigabyte's support pages and verify Secure Boot remains enabled after the update.
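
For the "verify Secure Boot remains enabled" step in item 4, the following is an added example, not code from the original post, Gigabyte or Binarly. It assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report UEFI Secure Boot state on Linux via efivarfs.
# Function names are hypothetical; the GUID is the UEFI global-variable GUID.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the one-byte value of a UEFI global variable as a decimal number.
# An efivarfs file starts with a 4-byte attribute field, so the data byte
# sits at offset 4. Fails if the file is missing, unreadable or too short.
efi_var_byte() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Print enabled | disabled | setup-mode | unknown | no-efivars.
# Exit status is 0 only when Secure Boot is actually being enforced.
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    [ -d "$dir" ] || { echo "no-efivars"; return 2; }
    sb=$(efi_var_byte "$dir" SecureBoot) || { echo "unknown"; return 2; }
    # Assumption: a missing SetupMode variable is treated as "not in setup mode".
    sm=$(efi_var_byte "$dir" SetupMode) || sm=0
    # SetupMode=1 means no Platform Key is enrolled, so signatures are not enforced.
    if [ "$sm" = 1 ]; then echo "setup-mode"; return 1; fi
    if [ "$sb" = 1 ]; then echo "enabled"; return 0; fi
    echo "disabled"; return 1
}

# Run the check against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    secure_boot_state
fi
```

Run it with `--check` before and after flashing and compare the two results; anything other than `enabled` after the update means the firmware settings need to be revisited.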

ThreatGrid Takeaways

| CVE | Key Action |
| --- | --- |
| Trend Micro Apex One | Disable Remote Install Agent; update as soon as patch is available |
| Android GPU Exploits | Apply Android 2025-08 patches immediately |
| Apple WebKit Zero-Day | Install iOS 18.6/macOS 13.6 updates |
| Gigabyte Firmware Vulnerabilities | Flash latest BIOS/UEFI and validate Secure Boot |