Trend Micro has released security updates to address multiple security vulnerabilities affecting the on-premises version of Apex Central for Windows. This contains a critical bug that could lead to arbitrary code execution.
This vulnerability is tracked as CVE-2025-69258 and has a CVSS score of 9.8 out of a maximum of 10.0. This vulnerability is described as a remote code execution case affecting LoadLibraryEX.
“The LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated, remote attacker to load an attacker-controlled DLL into the main executable file, potentially resulting in attacker-supplied code being executed in the SYSTEM context on an affected installation,” the cybersecurity firm said.
Two other flaws have been patched by Trend Micro.
CVE-2025-69259 (CVSS Score: 7.5) – Message Unchecked NULL Return Value vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to cause a denial of service condition on an affected installation CVE-2025-69260 (CVSS Score: 7.5) – Trend Micro Apex Central out-of-bounds message read vulnerability could allow a remote, unauthenticated attacker to cause a denial of service condition on an affected installation.
Tenable, which is credited with identifying and reporting all three flaws in August 2025, said an attacker could exploit CVE-2025-69258 by sending a message “0x0a8d” (“SC_INSTALL_HANDLER_REQUEST”) to the MsgReceiver.exe component, allowing the DLL under their control to is loaded into the binary, which could result in code being executed with elevated privileges.
Similarly, CVE-2025-69259 and CVE-2025-69260 can also be triggered by sending a specially crafted message “0x1b5b” (“SC_CMD_CGI_LOG_REQUEST”) to the MsgReceiver.exe process listening on the default TCP port 20001.
This issue affects Apex Central on-premises versions prior to build 7190. Trend Micro noted that a successful exploit depends on whether the attacker already has physical or remote access to the vulnerable endpoint.
“In addition to applying patches and updated solutions in a timely manner, customers are also encouraged to review remote access to critical systems and ensure policies and perimeter security are up to date,” it added.
Source link
