Trend Micro has released security updates addressing multiple vulnerabilities in on-premises versions of Apex Central. The most critical issue, CVE-2025-69258 with a CVSS score of 9.8, is a remote code execution vulnerability in LoadLibraryEX. Two other vulnerabilities, CVE-2025-69259 with a and CVE-2025-69260, similarly affect Trend Micro Apex Central via remote execution. Review this Cybersecurity Threat Advisory to protect your environment.
What is the threat?
CVE-2025-69258 allows attackers to inject malicious DLLs through low-complexity, unauthenticated attacks that require no user interaction. By sending specially crafted messages to the MsgReceiver.exe process on TCP port 20001, attackers can execute code under SYSTEM privileges. CVE-2025-69259 and CVE-2025-69260 involve unchecked message handling (NULL pattern return value and out-of-bounds read), which can lead to DoS conditions.
Why is it noteworthy?
Apex Central is a self-hosted management platform for Trend Micro security products. Exploiting these vulnerabilities could allow attackers to remotely shut down the platform or execute arbitrary code, compromising enterprise security operations.
What is the exposure or risk?
According to Tenable, CVE-2025-69258 can be exploited by sending a “0x0a8d” (SC_INSTALL_HANDLER_REQUEST) message to MsgReceiver.exe, forcing it to load an attacker-controlled DLL. The vulnerability affects Apex Central on-premises versions prior to Build 7190. Trend Micro notes that successful exploitation typically requires physical or remote access to vulnerable endpoints.
Similarly, CVE-2025-69259 and CVE-2025-69260 can be triggered by sending a “0x1b5b” (SC_CMD_CGI_LOG_REQUEST) message to the same process on TCP port 20001.
What are the recommendations?
Barracuda advises the following steps to mitigate risk:
- Apply Critical Patch Build 7190 immediately.
- Review remote access to critical systems.
- Update security policies and perimeter defenses without delay.
References
For more in-depth information about the recommendations, please visit the following links:
- Trend Micro releases critical security fixes for Apex Central RCE
- Trend Micro warns of critical Apex Central RCE vulnerability
- Trend Micro patches critical flaws in its Apex Central software | CSO Online
- Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
