Trend Micro has rolled out security updates to fix several serious flaws affecting on-premise deployments of Apex Central for Windows. Among them is a critical vulnerability that could allow attackers to execute malicious code with the highest system privileges.
The most severe issue, tracked as CVE-2025-69258, has a CVSS score of 9.8, placing it near the top of the severity scale. The flaw stems from how Apex Central handles dynamic library loading through LoadLibraryEX. If exploited, an unauthenticated remote attacker could force the application to load a malicious DLL, resulting in arbitrary code execution under the SYSTEM account.
Trend Micro explained that the weakness could allow an attacker to inject and run their own code inside a core executable on affected systems, giving them full control of the compromised host.
In addition to the critical bug, Trend Micro also addressed two high-severity denial-of-service vulnerabilities:
- CVE-2025-69259 (CVSS 7.5): A NULL return value handling issue that could be abused remotely to crash the service and disrupt operations.
- CVE-2025-69260 (CVSS 7.5): An out-of-bounds read flaw that could similarly be triggered to cause a denial-of-service condition.
All three vulnerabilities were discovered and responsibly disclosed by Tenable in August 2025. According to Tenable, the critical remote code execution flaw can be triggered by sending a specially crafted message, identified as 0x0a8d (SC_INSTALL_HANDLER_REQUEST), to the MsgReceiver.exe component. This forces the service to load an attacker-controlled DLL, leading to elevated code execution.
The two denial-of-service issues can also be exploited through crafted network messages, specifically 0x1b5b (SC_CMD_CGI_LOG_REQUEST), sent to the same MsgReceiver.exe process, which listens on TCP port 20001 by default.
The vulnerabilities affect Apex Central on-premise installations running versions below Build 7190. Trend Micro noted that successful exploitation generally requires the attacker to already have physical or remote access to a vulnerable endpoint, increasing the importance of strong access controls.
Alongside applying the latest patches, Trend Micro advises organizations to review remote access pathways, tighten security policies, and ensure perimeter defenses are properly configured to reduce exposure to these types of attacks.