Vulnerabilities

Trend Micro Patches Critical Code Execution Flaw in Apex Central

Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities.

Published

Trend Micro vulnerability

Trend Micro this week announced patches for three vulnerabilities affecting its Apex Central product. 

Apex Central is a console designed for managing Trend Micro products and services. Researchers at Tenable discovered in August 2025 that the product is affected by three vulnerabilities that can be exploited for remote code execution or DoS attacks.

According to Trend Micro’s advisory, the flaws impact the on-premises version of Apex Central, and they have been fixed with the release of Critical Patch build 7190.

The most serious of the flaws, tracked as CVE-2025-69258 and assigned a critical severity rating, is a LoadLibraryEX issue that can allow an unauthenticated, remote attacker to load a malicious DLL file into a key executable, which results in the attacker’s code being executed with System privileges.

The remaining issues, identified as CVE-2025-69259 and CVE-2025-69260, both classified as high severity, can be exploited by a remote attacker to cause a DoS condition. 

While the vulnerabilities do not require authentication, Trend Micro pointed out that the attacker does need to gain access to the victim’s network before exploiting the flaws. 

Advertisement. Scroll to continue reading.

Tenable has published technical details and PoC exploit code for each of the vulnerabilities, which can increase the likelihood of exploitation.  

It’s not uncommon for threat actors to exploit vulnerabilities in Trend Micro Apex products. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes 10 CVEs associated with flaws in this product line.

While a majority of the CVEs are for Apex One vulnerabilities, Apex Central has also been targeted by attackers. 

Attribution information is rarely made public, but at least some attacks have been linked to Chinese threat actors

The most recent reports of attacks exploiting Trend Micro Apex One vulnerabilities date back to August 2025. 

Related: Critical HPE OneView Vulnerability Exploited in Attacks

Related: Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Related: Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

In this article:, ,

Related Content

Ivanti Fortinet Splunk vulnerability patches

Vulnerabilities

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

54 minutes ago

ICS/OT

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact

In addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT.

2 hours ago

Vulnerabilities

Microsoft Patches 200 Vulnerabilities

Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them.

15 hours ago

Vulnerabilities

Adobe Patches 123 Vulnerabilities

Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product.

15 hours ago

Vulnerabilities

OpenSSL Patches High-Severity Vulnerability Found With AI

A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI.

17 hours ago

Artificial Intelligence

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks.

19 hours ago

Vulnerabilities

SAP Patches Critical NetWeaver, Commerce Vulnerabilities

The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage.

21 hours ago

Vulnerabilities

Everest Forms Vulnerability Exploited to Hack WordPress Sites

The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months.

2 days ago

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version