Trend Micro fixed three Apex Central flaws discovered by Tenable that could allow remote code execution or denial-of-service attacks.
Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code. The researchers discovered the vulnerabilities in August 2025, which could enable remote code execution or denial-of-service attacks.
Below are the affected Version(s):
| Product | Affected Version(s) | Platform | Language(s) |
|---|---|---|---|
| Apex Central (on-premise) | Versions below Build 7190 | Windows | English |
The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258 (CVSS score 9.8).
“A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.” reads the advisory.
An unauthenticated attacker can trigger the flaw to load a malicious DLL and execute code as SYSTEM on vulnerable systems.
“An unauthenticated remote attacker can send message 0x0a8d to load an attacker-controlled DLL into MsgReceiver.exe, leading to execution of attacker-supplied code under the security context of SYSTEM.” reads the report published by Tenable that includes PoC exploit code.
The other vulnerabilities, tracked as CVE-2025-69259 and CVE-2025-69260 (CVSS score of 7.5), addressed by the cybersecurity firm are respectively an unchecked NULL return value Denial of Service (DoS) issue and a message out-of-bounds read Denial of Service (DoS) flaw.
Below are the descriptions for these vulnerabilities, which can be exploited by unauthenticated attackers:
- CVE-2025-69259: Message Unchecked NULL Return Value Denial of Service (DoS) Vulnerability – A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
- CVE-2025-69260: Message Out-of-bounds Read Denial of Service (DoS) Vulnerability – A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Exploiting these flaws typically requires access to a vulnerable system, but Trend Micro urges customers to promptly apply patches, limit remote access, and keep security controls up to date.
The company addressed the flaw in this product release:
| Product | Updated version | Notes | Platform | Availability |
|---|---|---|---|---|
| Apex Central (on-premise) | Critical Patch Build 7190 | Readme | Windows | Now Available |
In August 2025, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and CVE-2025-54987 (CVSS score of 9.4), in Apex One on-prem consoles. The cybersecurity vendor confirmed that both issues were actively exploited in the wild.
Both vulnerabilities are command injection remote code execution (RCE) issues on Apex One Management Console (on-premise).
“Trend Micro has observed as least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.” reads the advisory published by the company.
The company did not publish details about the attacks exploiting these vulnerabilities.
In June, Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Apex Central)
