Trend Micro Patches Critical Code Execution Flaw in Apex Central

Trend Micro Patches Critical Code Execution Flaw in Apex Central

Posted on By CWS

Pattern Micro this week introduced patches for 3 vulnerabilities affecting its Apex Central product. 

Apex Central is a console designed for managing Pattern Micro services. Researchers at Tenable found in August 2025 that the product is affected by three vulnerabilities that may be exploited for distant code execution or DoS assaults.

In line with Pattern Micro’s advisory, the issues affect the on-premises model of Apex Central, they usually have been fastened with the discharge of Crucial Patch construct 7190.

Essentially the most critical of the issues, tracked as CVE-2025-69258 and assigned a important severity ranking, is a LoadLibraryEX challenge that may enable an unauthenticated, distant attacker to load a malicious DLL file right into a key executable, which leads to the attacker’s code being executed with System privileges.

The remaining points, recognized as CVE-2025-69259 and CVE-2025-69260, each categorized as excessive severity, will be exploited by a distant attacker to trigger a DoS situation. 

Whereas the vulnerabilities don’t require authentication, Pattern Micro identified that the attacker does want to achieve entry to the sufferer’s community earlier than exploiting the issues. Commercial. Scroll to proceed studying.

Tenable has revealed technical particulars and PoC exploit code for every of the vulnerabilities, which might enhance the chance of exploitation.  

It’s not unusual for menace actors to take advantage of vulnerabilities in Pattern Micro Apex merchandise. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog at the moment consists of 10 CVEs related to flaws on this product line.

Whereas a majority of the CVEs are for Apex One vulnerabilities, Apex Central has additionally been focused by attackers. 

Attribution data is never made public, however at the very least some assaults have been linked to Chinese language menace actors. 

The newest studies of assaults exploiting Pattern Micro Apex One vulnerabilities date again to August 2025. 

Associated: Crucial HPE OneView Vulnerability Exploited in Assaults

Associated: Exploit for VMware Zero-Day Flaws Doubtless Constructed a Yr Earlier than Public Disclosure

Associated: Crucial Vulnerabilities Patched in Pattern Micro Apex Central, Endpoint Encryption

Security Week News Tags:, , , , , , , ,

Related Posts

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware Security Week News
CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog Security Week News
Senator Urges FTC Probe of Microsoft Over Security Failures Senator Urges FTC Probe of Microsoft Over Security Failures Security Week News
Gambit Security Secures M for AI Cyber Resilience Gambit Security Secures $61M for AI Cyber Resilience Security Week News
Asus Armoury Crate Vulnerability Leads to Full System Compromise Asus Armoury Crate Vulnerability Leads to Full System Compromise Security Week News
Kimwolf Android Botnet Grows Through Residential Proxy Networks Kimwolf Android Botnet Grows Through Residential Proxy Networks Security Week News