Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution affecting LoadLibraryEX.
“A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations,” the cybersecurity company said.
Also patched by Trend Micro are two other flaws –
- CVE-2025-69259 (CVSS score: 7.5) – A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations
- CVE-2025-69260 (CVSS score: 7.5) – A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations
Tenable, which is credited with identifying and reporting all three flaws in August 2025, said an attacker can exploit CVE-2025-69258 by sending a message “0x0a8d” (“SC_INSTALL_HANDLER_REQUEST”) to the MsgReceiver.exe component, causing a DLL under their control to be loaded into the binary, resulting in code execution with elevated privileges.
Similarly, CVE-2025-69259 and CVE-2025-69260 can also be triggered by sending a specially crafted message “0x1b5b” (“SC_CMD_CGI_LOG_REQUEST”) to the MsgReceiver.exe process, which listens on the default TCP port 20001.
The issues impact Apex Central on-premise versions below Build 7190. Trend Micro noted that successful exploitation hinges on an attacker already having physical or remote access to a vulnerable endpoint.
“In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date,” it added.
