Rewterz

Trend Micro Apex Central RCE Vulnerability

Severity

High

Analysis Summary

Trend Micro has released critical security patches to address three severe vulnerabilities affecting Apex Central (on-premise) on Windows systems. These flaws could allow unauthenticated remote attackers to execute malicious code or trigger denial-of-service (DoS) attacks on vulnerable servers. The patches were issued on January 7, 2026, and Trend Micro has strongly urged all affected customers to update immediately due to the high risk posed by these issues, especially in exposed environments.

The most critical vulnerability, tracked as CVE-2025-69258, carries a high CVSS severity rating and is caused by a LoadLibraryEx remote code execution flaw. It allows attackers to load malicious DLL files into core Apex Central executables, potentially enabling them to execute arbitrary code with SYSTEM-level privileges without any user interaction or authentication. Exploitation of this flaw could result in full system compromise.

The other two vulnerabilities, CVE-2025-69259 and CVE-2025-69260, also carry high CVSS severity ratings and are related to improper message handling. CVE-2025-69259 is a NULL return handling flaw that could be abused to trigger a remote denial-of-service condition, while CVE-2025-69260 is an out-of-bounds read vulnerability that can also be exploited to crash the service remotely. Like the RCE flaw, both DoS vulnerabilities can be exploited without authentication.

These vulnerabilities affect Trend Micro Apex Central (on-premise) versions below Build 7190 running on Windows. Trend Micro has released Critical Patch Build 7190 to fully remediate all three issues, which is now available through the Trend Micro Download Center along with detailed release notes. In addition to patching, Trend Micro recommends tightening remote access policies, restricting network exposure of Apex Central servers, and strengthening perimeter security controls. The company also credited security researchers for responsibly disclosing the vulnerabilities, helping prevent real-world exploitation.

Impact

  • Denial-of-Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-69258
  • CVE-2025-69259
  • CVE-2025-69260

Affected Vendors

Trend Micro

Remediation

  • Immediately upgrade Trend Micro Apex Central (on-premise) to Critical Patch Build 7190 or later.
  • Download the patch only from the official Trend Micro Download Center and follow the provided release notes for proper deployment.
  • Restrict network access to Apex Central servers and ensure they are not exposed directly to the internet.
  • Apply strict firewall rules to allow access only from trusted IP addresses and internal management networks.
  • Enforce strong authentication and access control policies for all administrative interfaces.
  • Review and harden remote access policies for critical management systems.
  • Monitor Apex Central servers for any signs of abnormal behavior or exploitation attempts.
  • Keep the operating system and all dependent components fully updated with the latest security patches.
  • Conduct a vulnerability scan after patching to verify that all issues are properly remediated.
  • Maintain regular patch management and security update procedures to prevent future exposure.
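
One way to act on the monitoring step above for the DLL-loading flaw (CVE-2025-69258) is to review image-load telemetry from the Apex Central host. The following is an added example, not code from Trend Micro or from this advisory. It assumes events exported with Sysmon Event ID 7 field names (Image, ImageLoaded, Signed); the process name, install directory and sample events are constructed placeholders to replace with values from your own server.

```python
import ntpath

# Assumptions (not from the advisory): the process name and install directory
# below are placeholders. Replace them with the values from your own host.
WATCHED_PROCESSES = {"apex_central_service_placeholder.exe"}
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\apex_central_install_dir_placeholder",
)
_SVC = r"C:\APEX_CENTRAL_INSTALL_DIR_PLACEHOLDER\apex_central_service_placeholder.exe"

# Constructed sample events using Sysmon Event ID 7 (image load) field names.
SAMPLE_EVENTS = [
    {"Image": _SVC, "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": _SVC, "ImageLoaded": r"\\198.51.100.7\share\helper.dll", "Signed": "false"},
    {"Image": _SVC, "ImageLoaded": r"C:\Users\Public\helper.dll", "Signed": "true"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Temp\other.dll", "Signed": "false"},
]


def suspicious_reasons(event):
    """Return the reasons an image-load event deserves review (empty if none)."""
    # Only events from the watched management-server processes are in scope.
    if ntpath.basename(event["Image"]).lower() not in WATCHED_PROCESSES:
        return []
    # Normalise so that "..\" segments cannot disguise the real directory.
    loaded = ntpath.normpath(event["ImageLoaded"]).lower()
    reasons = []
    if loaded.startswith("\\\\"):
        # DLL came from a UNC path, i.e. another machine.
        reasons.append("remote-path")
    elif not any(loaded.startswith(d + "\\") for d in TRUSTED_DIRS):
        reasons.append("untrusted-directory")
    if event.get("Signed", "false").lower() != "true":
        reasons.append("unsigned")
    return reasons


def triage(events):
    """Return (loaded DLL path, reasons) for every event that needs review."""
    return [(e["ImageLoaded"], r) for e in events if (r := suspicious_reasons(e))]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_EVENTS):
        print(f"REVIEW {path}: {', '.join(reasons)}")
```
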