Critical RCE Flaw in Trend Micro Apex Central: Patch Now

▼ Summary
– Trend Micro has patched a critical security flaw (CVE-2025-69258) in its Apex Central on-premise management console.
– The vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges by injecting a malicious DLL.
– Attackers can exploit this by sending a specially crafted message to a specific process (MsgReceiver.exe) on TCP port 20001.
– Trend Micro has released Critical Patch Build 7190 to fix this flaw and two related denial-of-service vulnerabilities.
– The company strongly urges customers to apply this patch immediately, despite some mitigating factors like internet exposure requirements.
A critical vulnerability has been identified in Trend Micro’s Apex Central on-premise management console, enabling unauthenticated attackers to execute malicious code with the highest system privileges. This flaw represents a severe risk to organizations using the platform for centralized security management. The web-based console is designed to help administrators oversee a range of Trend Micro products, including antivirus and threat detection services, from a single interface, making it a high-value target for cybercriminals.
The security weakness, cataloged as CVE-2025-69258, allows remote threat actors to perform code execution without any user interaction. By exploiting a LoadLibraryEX issue, attackers can send a specially crafted message to a specific process listening on TCP port 20001. This action forces the system to load a malicious DLL file, ultimately running attacker-supplied code under the powerful SYSTEM security context. The cybersecurity firm Tenable, which discovered and reported the flaw, has provided technical details and proof-of-concept code, confirming the attack’s low complexity.
While successful exploitation may require certain conditions, such as the vulnerable system being directly accessible from the internet, the potential impact is extreme. Gaining SYSTEM privileges essentially gives an attacker complete control over the affected machine. Trend Micro has strongly urged all customers to apply the provided security update immediately to mitigate this threat. The company’s advisory emphasizes that, alongside prompt patching, organizations should review remote access to critical systems and ensure perimeter security defenses are current.
To resolve this issue, Trend Micro has released Critical Patch Build 7190. This update not only addresses the remote code execution flaw but also fixes two separate denial-of-service vulnerabilities tracked as CVE-2025-69259 and CVE-2025-69260. These additional flaws could also be exploited by unauthenticated attackers to disrupt services. This incident echoes a previous security event from three years ago when Trend Micro patched another actively exploited remote code execution vulnerability in Apex Central, identified as CVE-2022-26871, highlighting the ongoing need for vigilant patch management in enterprise security software.
(Source: Bleeping Computer)

