CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Trend Micro Patches Critical Code Execution Flaw in Apex Central

Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities. The post Trend Micro Patches Critical Code Execution Flaw in Apex Central appeared first on SecurityWeek.

Trend Micro vulnerability

Trend Micro this week announced patches for three vulnerabilities affecting its Apex Central product. 

Apex Central is a console designed for managing Trend Micro products and services. Researchers at Tenable discovered in August 2025 that the product is affected by three vulnerabilities that can be exploited for remote code execution or DoS attacks.

According to Trend Micro’s advisory, the flaws impact the on-premises version of Apex Central, and they have been fixed with the release of Critical Patch build 7190.

The most serious of the flaws, tracked as CVE-2025-69258 and assigned a critical severity rating, is a LoadLibraryEX issue that can allow an unauthenticated, remote attacker to load a malicious DLL file into a key executable, which results in the attacker’s code being executed with System privileges.

The remaining issues, identified as CVE-2025-69259 and CVE-2025-69260, both classified as high severity, can be exploited by a remote attacker to cause a DoS condition. 

While the vulnerabilities do not require authentication, Trend Micro pointed out that the attacker does need to gain access to the victim’s network before exploiting the flaws. 

Tenable has published technical details and PoC exploit code for each of the vulnerabilities, which can increase the likelihood of exploitation.  

It’s not uncommon for threat actors to exploit vulnerabilities in Trend Micro Apex products. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes 10 CVEs associated with flaws in this product line.

While a majority of the CVEs are for Apex One vulnerabilities, Apex Central has also been targeted by attackers. 

Attribution information is rarely made public, but at least some attacks have been linked to Chinese threat actors

The most recent reports of attacks exploiting Trend Micro Apex One vulnerabilities date back to August 2025. 

Related: Critical HPE OneView Vulnerability Exploited in Attacks

Related: Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Related: Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

Latest News

CYBERNEWSMEDIAPublisher