Trend Micro warns of critical Apex Central RCE vulnerability

by CybrGPT

Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges.

Apex Central is a web-based management console that helps admins manage multiple Trend Micro products and services (including antivirus, content security, and threat detection) and deploy components like antivirus pattern files, scan engines, and antispam rules from a single interface.

Tracked as CVE-2025-69258, the vulnerability enables threat actors without privileges on the targeted system to gain remote code execution by injecting malicious DLLs in low-complexity attacks that don’t require user interaction.

“A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations,” Trend Micro said in a security advisory published this week.

As explained by cybersecurity company Tenable, which reported the flaw and shared technical details and proof-of-concept code, unauthenticated remote attackers can send a specially crafted message to the MsgReceiver.exe process listening on TCP port 20001, “leading to execution of attacker-supplied code under the security context of SYSTEM.”

While there are mitigating factors, such as exploitation requiring the vulnerable system to be exposed to Internet attacks, Trend Micro urged customers to patch their systems as soon as possible.

“In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,” Trend Micro added.

“However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.”
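One way to act on the advice to review remote access is to check who can reach the MsgReceiver.exe port on the Apex Central host. The sketch below is an added example, not code from Trend Micro or Tenable: it parses pasted `netstat -ano` output and flags listeners on TCP 20001 bound beyond loopback, plus connected peers outside an allowlist. The sample output and the management subnet are constructed assumptions.

```python
import ipaddress

MSG_PORT = 20001  # MsgReceiver.exe port named in the article

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:20001          0.0.0.0:0              LISTENING       4312
  TCP    10.0.5.20:20001        10.0.5.31:50122        ESTABLISHED     4312
  TCP    10.0.5.20:20001        203.0.113.45:41822     ESTABLISHED     4312
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING       4
  TCP    [::]:20001             [::]:0                 LISTENING       4312
"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%scope]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return ipaddress.ip_address(host), int(port)

def audit_netstat(netstat_text, allowed_networks):
    """Report non-loopback listeners on MSG_PORT and peers outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    report = {"exposed_listeners": [], "unexpected_peers": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows
        try:
            local_ip, local_port = split_endpoint(fields[1])
            remote_ip, _ = split_endpoint(fields[2])
        except ValueError:
            continue  # unparseable row: skip rather than guess
        if local_port != MSG_PORT:
            continue
        if fields[3] == "LISTENING":
            if not local_ip.is_loopback:
                report["exposed_listeners"].append(str(local_ip))
        elif not any(remote_ip in net for net in allowed):
            report["unexpected_peers"].append(str(remote_ip))
    return report

if __name__ == "__main__":
    # 10.0.5.0/24 is a hypothetical management subnet.
    print(audit_netstat(SAMPLE_NETSTAT, ["10.0.5.0/24"]))
```

A wildcard listener is not a finding on its own if a host or perimeter firewall restricts the port; the peer list shows what actually got through.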

To address this vulnerability, Trend Micro has released Critical Patch Build 7190, which also fixes two denial-of-service flaws (CVE-2025-69259 and CVE-2025-69260) that can be exploited by unauthenticated attackers.

The company patched another remote code execution Apex Central vulnerability (CVE-2022-26871) three years ago, warning customers that it was actively exploited in the wild.
