Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Briefly

""Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution affecting LoadLibraryEX.""

""A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations," the cybersecurity company said. Also patched by Trend Micro are two other flaws - CVE-2025-69259 (CVSS score: 7.5) - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations CVE-2025-69260 (CVSS score: 7.5) - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations"

""Tenable, which is credited with identifying and reporting all three flaws in August 2025, said an attacker can exploit CVE-2025-69258 by sending a message \"0x0a8d\" (\"SC_INSTALL_HANDLER_REQUEST\") to the MsgReceiver.exe component, causing a DLL under their control to be loaded into the binary, resulting in code execution with elevated privileges. Similarly, CVE-2025-69259 and CVE-2025-69260 can also be triggered by sending a specially crafted message \"0x1b5b\" (\"SC_CMD_CGI_LOG_REQUEST\") to the MsgReceiver.exe process, which listens on the default TCP port 20001.""