"The most serious, with a CVSS score of 9.8, allows attackers to execute code with SYSTEM privileges without authentication. Organizations should immediately patch to Build 7190. The most dangerous vulnerability, CVE-2025-69258, is a remote code execution vulnerability in LoadLibraryEX. An attacker can load a malicious DLL into a critical part of the system without login credentials. This gives them full control with the highest system privileges. The impact is significant: confidentiality, integrity, and availability are all at stake."
"In addition to the RCE vulnerability, Trend Micro resolves two denial-of-service leaks. CVE-2025-69259 exploits an unchecked NULL return value, while CVE-2025-69260 involves an out-of-bounds read. Both score 7.5 on the CVSS scale and also do not require authentication. For on-premise installations of Apex Central on Windows, Trend Micro has released Critical Patch Build 7190. All versions below that build number are vulnerable. The company strongly recommends installing this patch and upgrading to the latest available version as soon as it becomes available."
Apex Central contains three critical vulnerabilities requiring immediate patching to Build 7190. The most severe, CVE-2025-69258, is a remote code execution in LoadLibraryEX that allows loading a malicious DLL without authentication, granting SYSTEM-level privileges and full control. Two additional vulnerabilities, CVE-2025-69259 and CVE-2025-69260, are denial-of-service issues (unchecked NULL return and out-of-bounds read) scoring 7.5 CVSS and requiring no authentication. Trend Micro releases Critical Patch Build 7190 for on-prem Windows installations and advises installing prerequisite software from the Download Center before applying the patch. Organizations should also review remote access and perimeter security.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]