Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Published:

9 januari 2026 om 10:01:00

Alert date:

9 januari 2026 om 10:13:05

Source:

thehackernews.com

Security Tools, Enterprise Applications, Zero-Day Vulnerabilities

Trend Micro has released security updates to address multiple security vulnerabilities in on-premise versions of Apex Central for Windows. The critical vulnerability CVE-2025-69258 has a CVSS score of 9.8 out of 10.0 and could result in arbitrary code execution. This is described as a remote code execution flaw affecting Windows versions of the product. The high CVSS score indicates this is a critical security issue requiring immediate attention.

Technical details

CVE-2025-69258 is a LoadLibraryEX vulnerability that allows an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM. The vulnerability can be exploited by sending a message '0x0a8d' (SC_INSTALL_HANDLER_REQUEST) to the MsgReceiver.exe component. CVE-2025-69259 and CVE-2025-69260 are DoS vulnerabilities triggered by sending specially crafted message '0x1b5b' (SC_CMD_CGI_LOG_REQUEST) to the MsgReceiver.exe process which listens on default TCP port 20001. CVE-2025-69259 involves unchecked NULL return value and CVE-2025-69260 involves out-of-bounds read vulnerability.

Mitigation steps:

Apply timely patches and update to Build 7190 or later. Review remote access to critical systems and ensure policies and perimeter security are up-to-date. Note that successful exploitation requires an attacker to already have physical or remote access to a vulnerable endpoint.

Affected products:

Trend Micro Apex Central on-premise versions for Windows below Build 7190