Pattern Micro this week introduced patches for 3 vulnerabilities affecting its Apex Central product.
Apex Central is a console designed for managing Pattern Micro services. Researchers at Tenable found in August 2025 that the product is affected by three vulnerabilities that may be exploited for distant code execution or DoS assaults.
In line with Pattern Micro’s advisory, the issues affect the on-premises model of Apex Central, they usually have been fastened with the discharge of Crucial Patch construct 7190.
Essentially the most critical of the issues, tracked as CVE-2025-69258 and assigned a important severity ranking, is a LoadLibraryEX challenge that may enable an unauthenticated, distant attacker to load a malicious DLL file right into a key executable, which leads to the attacker’s code being executed with System privileges.
The remaining points, recognized as CVE-2025-69259 and CVE-2025-69260, each categorized as excessive severity, will be exploited by a distant attacker to trigger a DoS situation.
Whereas the vulnerabilities don’t require authentication, Pattern Micro identified that the attacker does want to achieve entry to the sufferer’s community earlier than exploiting the issues. Commercial. Scroll to proceed studying.
Tenable has revealed technical particulars and PoC exploit code for every of the vulnerabilities, which might enhance the chance of exploitation.
It’s not unusual for menace actors to take advantage of vulnerabilities in Pattern Micro Apex merchandise. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog at the moment consists of 10 CVEs related to flaws on this product line.
Whereas a majority of the CVEs are for Apex One vulnerabilities, Apex Central has additionally been focused by attackers.
Attribution data is never made public, however at the very least some assaults have been linked to Chinese language menace actors.
The newest studies of assaults exploiting Pattern Micro Apex One vulnerabilities date again to August 2025.
Associated: Crucial HPE OneView Vulnerability Exploited in Assaults
Associated: Exploit for VMware Zero-Day Flaws Doubtless Constructed a Yr Earlier than Public Disclosure
Associated: Crucial Vulnerabilities Patched in Pattern Micro Apex Central, Endpoint Encryption
