Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

To fix several security flaws affecting on-premise versions of Apex Central for Windows, including a serious flaw that could lead to arbitrary code execution, Trend Micro has released security updates This article explores vulnerability trend micro. . The vulnerability has a CVSS score of 9.8 out of a possible 10.0, and it is tracked as CVE-2025-69258.

A case of remote code execution impacting LoadLibraryEX has been identified as the vulnerability. "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations," the cybersecurity firm stated.

Two additional vulnerabilities have also been fixed by Trend Micro. CVE-2025-69259 (CVSS score: 7.5) is a message unchecked NULL return value vulnerability in Trend Micro Apex Central that could enable a remote, unauthenticated attacker to cause a denial-of-service condition on impacted installations. CVE-2025-69260 (CVSS score: 7.5) is a message out-of-bounds read vulnerability in Trend Micro Apex Central that could enable a remote, unauthenticated attacker to create a denial-of-service condition on impacted installations.

According to Tenable, which is credited with discovering and reporting all three flaws in August 2025, an attacker can exploit CVE-2025-69258 by sending a message "0x0a8d" ("SC_INSTALL_HANDLER_REQUEST") to the MsgReceiver.exe component, loading a DLL under their control.

Similarly, sending a specially constructed message "0x1b5b" ("SC_CMD_CGI_LOG_REQUEST") to the MsgReceiver.exe process, which listens on the default TCP port 20001, can also cause CVE-2025-69259 and CVE-2025-69260. Apex Central on-premise versions less than Build 7190 are affected. According to Trend Micro, an attacker must already have physical or remote access to a vulnerable endpoint in order to successfully exploit it.

"Customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date, in addition to timely application of patches and updated solutions," the statement continued.