Trend Micro has issued urgent security updates for multiple vulnerabilities affecting on-premise Windows deployments of Apex Central, including a critical flaw that could allow attackers to execute arbitrary code with elevated privileges.
The most severe issue, tracked as CVE-2025-69258, has been assigned a CVSS score of 9.8, placing it among the highest risk vulnerabilities. According to Trend Micro, the flaw stems from improper handling of the Windows LoadLibraryEX function, which could allow an unauthenticated remote attacker to load a malicious DLL file.
If successfully exploited, the vulnerability enables attackers to execute arbitrary code under the SYSTEM account, granting full control over the affected system.
In addition to the critical RCE flaw, Trend Micro also patched two medium severity vulnerabilities:
- CVE-2025-69259 (CVSS 7.5): A NULL pointer handling issue that could allow attackers to trigger a denial-of-service condition
- CVE-2025-69260 (CVSS 7.5): An out-of-bounds read vulnerability that could also result in denial-of-service attacks
Security firm Tenable, which reported all three vulnerabilities in August 2025, explained that CVE-2025-69258 can be exploited by sending a crafted message labeled SC_INSTALL_HANDLER_REQUEST (0x0a8d) to the MsgReceiver.exe service. This forces the service to load an attacker-controlled DLL, leading to privilege escalation and remote code execution.
Similarly, the denial-of-service vulnerabilities can be triggered using a specially crafted SC_CMD_CGI_LOG_REQUEST (0x1b5b) message sent to the same component. The vulnerable service listens on TCP port 20001 by default, increasing exposure in misconfigured environments.
The vulnerabilities affect Apex Central on-premise installations below Build 7190. Trend Micro emphasized that exploitation requires an attacker to already have physical or remote access to a vulnerable endpoint.
As a mitigation strategy, Trend Micro strongly recommends applying the latest patches immediately, restricting remote access to management servers, and reviewing network perimeter security policies to reduce attack surfaces.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
