Trend Micro Patches Critical Code Execution Flaw in Apex Central

Trend Micro Patches Critical Code Execution Flaw in Apex Central

Posted on By CWS

Pattern Micro this week introduced patches for 3 vulnerabilities affecting its Apex Central product. 

Apex Central is a console designed for managing Pattern Micro services. Researchers at Tenable found in August 2025 that the product is affected by three vulnerabilities that may be exploited for distant code execution or DoS assaults.

In line with Pattern Micro’s advisory, the issues affect the on-premises model of Apex Central, they usually have been fastened with the discharge of Crucial Patch construct 7190.

Essentially the most critical of the issues, tracked as CVE-2025-69258 and assigned a important severity ranking, is a LoadLibraryEX challenge that may enable an unauthenticated, distant attacker to load a malicious DLL file right into a key executable, which leads to the attacker’s code being executed with System privileges.

The remaining points, recognized as CVE-2025-69259 and CVE-2025-69260, each categorized as excessive severity, will be exploited by a distant attacker to trigger a DoS situation. 

Whereas the vulnerabilities don’t require authentication, Pattern Micro identified that the attacker does want to achieve entry to the sufferer’s community earlier than exploiting the issues. Commercial. Scroll to proceed studying.

Tenable has revealed technical particulars and PoC exploit code for every of the vulnerabilities, which might enhance the chance of exploitation.  

It’s not unusual for menace actors to take advantage of vulnerabilities in Pattern Micro Apex merchandise. CISA’s Recognized Exploited Vulnerabilities (KEV) catalog at the moment consists of 10 CVEs related to flaws on this product line.

Whereas a majority of the CVEs are for Apex One vulnerabilities, Apex Central has additionally been focused by attackers. 

Attribution data is never made public, however at the very least some assaults have been linked to Chinese language menace actors. 

The newest studies of assaults exploiting Pattern Micro Apex One vulnerabilities date again to August 2025. 

Associated: Crucial HPE OneView Vulnerability Exploited in Assaults

Associated: Exploit for VMware Zero-Day Flaws Doubtless Constructed a Yr Earlier than Public Disclosure

Associated: Crucial Vulnerabilities Patched in Pattern Micro Apex Central, Endpoint Encryption

Security Week News Tags:, , , , , , , ,

Related Posts

Chrome 137 Update Patches High-Severity Vulnerabilities Chrome 137 Update Patches High-Severity Vulnerabilities Security Week News
ServiceNow to Acquire Identity Security Firm Veza in Reported Billion Deal  ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal  Security Week News
Cyber Espionage Group Targets 37 Nations’ Infrastructure Cyber Espionage Group Targets 37 Nations’ Infrastructure Security Week News
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than Billion in Bitcoin US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin Security Week News
US Insurance Industry Warned of Scattered Spider Attacks US Insurance Industry Warned of Scattered Spider Attacks Security Week News
Furl Raises Million for Autonomous Vulnerability Remediation Furl Raises $10 Million for Autonomous Vulnerability Remediation Security Week News