Trend Micro Patches Critical Code Execution Flaw in Apex Central

Trend Micro Patches Critical Code Execution Flaw in Apex Central

Posted on By CWS

Pattern Micro this week introduced patches for 3 vulnerabilities affecting its Apex Central product. 

Apex Central is a console designed for managing Pattern Micro services. Researchers at Tenable found in August 2025 that the product is affected by three vulnerabilities that may be exploited for distant code execution or DoS assaults.

In line with Pattern Micro’s advisory, the issues affect the on-premises model of Apex Central, they usually have been fastened with the discharge of Crucial Patch construct 7190.

Essentially the most critical of the issues, tracked as CVE-2025-69258 and assigned a important severity ranking, is a LoadLibraryEX challenge that may enable an unauthenticated, distant attacker to load a malicious DLL file right into a key executable, which leads to the attacker’s code being executed with System privileges.

The remaining points, recognized as CVE-2025-69259 and CVE-2025-69260, each categorized as excessive severity, will be exploited by a distant attacker to trigger a DoS situation. 

Whereas the vulnerabilities don’t require authentication, Pattern Micro identified that the attacker does want to achieve entry to the sufferer’s community earlier than exploiting the issues. Commercial. Scroll to proceed studying.

Tenable has revealed technical particulars and PoC exploit code for every of the vulnerabilities, which might enhance the chance of exploitation.  

It’s not unusual for menace actors to take advantage of vulnerabilities in Pattern Micro Apex merchandise. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog at the moment consists of 10 CVEs related to flaws on this product line.

Whereas a majority of the CVEs are for Apex One vulnerabilities, Apex Central has additionally been focused by attackers. 

Attribution data is never made public, however at the very least some assaults have been linked to Chinese language menace actors. 

The newest studies of assaults exploiting Pattern Micro Apex One vulnerabilities date again to August 2025. 

Associated: Crucial HPE OneView Vulnerability Exploited in Assaults

Associated: Exploit for VMware Zero-Day Flaws Doubtless Constructed a Yr Earlier than Public Disclosure

Associated: Crucial Vulnerabilities Patched in Pattern Micro Apex Central, Endpoint Encryption

Security Week News Tags:, , , , , , , ,

Related Posts

AirMDR Raises .5 Million for MDR Solution AirMDR Raises $15.5 Million for MDR Solution Security Week News
Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation Security Week News
SimSpace Raises Million for Cyber Range Platform SimSpace Raises $39 Million for Cyber Range Platform Security Week News
Threat Actors Use SVG Smuggling for Browser-Native Redirection Threat Actors Use SVG Smuggling for Browser-Native Redirection Security Week News
OpenAI to Help DoD With Cyber Defense Under New 0 Million Contract OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract Security Week News
Ransomware Payments Dropped in Q3 2025: Analysis Ransomware Payments Dropped in Q3 2025: Analysis Security Week News