Trend Micro Patches Critical RCE Flaw in Apex Central Management Console
Trend Micro has released a critical security update for its Apex Central on-premise management console, addressing a severe vulnerability (CVE-2025-69258) that could allow unauthenticated attackers to execute arbitrary code with SYSTEM privileges. Apex Central is a centralized web-based platform used by administrators to manage Trend Micro security products, including antivirus, threat detection, and content security tools.
The flaw, a LoadLibraryEx vulnerability, enables remote attackers to inject malicious DLLs into the MsgReceiver.exe process (listening on TCP port 20001) without requiring user interaction or prior authentication. According to Trend Micro’s advisory, successful exploitation could grant attackers full control over affected systems under the highest privilege level.
Cybersecurity firm Tenable, which discovered and reported the vulnerability, provided technical details and proof-of-concept code, confirming that attackers could trigger the exploit by sending a specially crafted message to the vulnerable process. While exploitation requires specific conditions, such as exposed systems accessible via the internet, Trend Micro has urged immediate patching.
The update (Critical Patch Build 7190) also resolves two additional denial-of-service (DoS) vulnerabilities (CVE-2025-69259 and CVE-2025-69260), both exploitable by unauthenticated attackers. This follows a previous remote code execution (RCE) flaw (CVE-2022-26871) patched in 2022, which was actively exploited in the wild.
Organizations using Apex Central are advised to apply the latest patch to mitigate potential attacks, and to review remote access to critical systems and keep perimeter security policies up to date.
Date: 1/2026