Tenable Security Research discovered three critical vulnerabilities in Trend Micro Apex Central. CVE-2025-69258 is a remote code execution vulnerability in MsgReceiver.exe that allows unauthenticated attackers to load arbitrary DLLs via LoadLibraryEx on TCP port 20001, achieving SYSTEM privileges. CVE-2025-69259 and CVE-2025-69260 are denial of service vulnerabilities in message processing that cause access violations through unchecked NULL return values and out-of-bounds reads. All vulnerabilities can be exploited without authentication and affect the MsgReceiver.exe service listening on the default port 20001.