Trend Micro has released security updates to address several serious vulnerabilities affecting on-premise versions of Apex Central for Windows. One of these flaws is classified as critical because it could allow attackers to execute malicious code remotely.

The main vulnerability is tracked as CVE-2025-69258 and has a CVSS score of 9.8. This issue is related to the LoadLibraryEX function, which can be abused by an unauthenticated attacker to load a malicious DLL into a critical process. If successfully exploited, the attacker’s code would run with SYSTEM privileges, the highest level of access on Windows.

In addition to the critical flaw, Trend Micro also patched two other vulnerabilities that could lead to denial-of-service (DoS) conditions. These issues may allow remote attackers to crash or disrupt Apex Central services by sending specially crafted messages to internal application components.

All of these vulnerabilities were discovered and reported by Tenable in August 2025. According to the technical details, the attacks can be triggered by sending specific messages to the MsgReceiver.exe process, which listens on the default TCP port 20001. While the attack method is technical, the potential impact is significant if systems remain unpatched.

The vulnerabilities affect Trend Micro Apex Central on-premise versions below Build 7190. However, Trend Micro noted that successful exploitation requires the attacker to already have physical or remote access to a vulnerable endpoint.

As a preventive measure, administrators are strongly advised to apply the official Trend Micro patches as soon as possible. It is also recommended to review remote access to critical systems, ensure security policies are up to date, and strengthen network perimeter protections to reduce overall risk.

^{Source: https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html}