A serious flaw has been patched in the onsite solution of Trend Micro’s Apex Central by the Japanese cybersecurity software firm Trend Micro, under which an attacker could use the vulnerability to carry out arbitrary code execution with privileges to the SYSTEM.
Apex Central is an internet management console through which administrators can manage multiple Trend Micro products and services for antivirus, content security, and threat protection from a central location. The manager further provides the distribution of components such as antivirus pattern files, scan engines, and antispam rules.
This flaw, which is being tracked under the number CVE-2025-69258, allows malicious actors without system privileges to execute code on a target system simply by injecting malicious DLLs into it.
In Trend Micro Apex Central, a vulnerability in LoadLibraryEX could enable a remote, unauthenticated attacker to inject their DLL into a critical .exe, resulting in the execution of malicious code in the context of SYSTEM, according to Trend Micro, in a security notice released this week.
This vulnerability was likely exploitable by unauthenticated remote attackers who could have sent a crafted message directly to the running MsgReceiver.exe process on port 20001, "causing the execution of attacker controlled code with SYSTEM privileges," as stated by cybersecurity firm Tenable, the one who detected this vulnerability and released a corresponding notification with all of this information.
Although there were factors that could mitigate this vulnerability, including vulnerable systems exposed to Internet attacks, the company encouraged its clients to patch their systems as soon as possible.
“Apart from the application of patches/updated solutions when due, customers must also take the time to examine their critical systems remotely and make sure their policies and perimeter security,” added Trend Micro.
"However, although an exploit may require several conditions to happen, Trend Micro strongly encourages customers to update to the latest builds as soon as possible."
Trend Micro has released Critical Patch Build 7190, which addresses the bug and two other denial of service flaws that can be exploited by an unauthenticated attacker (CVE-2025-69259 and CVE-2025-69260).
The company patched another remote code execution Apex Central vulnerability, CVE-2022-26871, three years ago, warning customers it was actively exploited in the wild.
👉🏻 Found this article interesting? Follow us on Facebook, Twitter and whatsapp to read more exclusive content we post.
