- CVE-2025-69258 in Trend Micro Apex Central allowed unauthenticated DLL injection and remote code execution
- Critical Patch Build 7190 fixes this flaw in addition to CVE-2025-69259 and CVE-2025-69260
- Trend Micro urges immediate patching; Mitigations such as taking systems offline are only temporary safeguards
Trend Micro has fixed a critical vulnerability in Apex Central (on-premises) that allowed threat actors to execute arbitrary code remotely.
Apex Central (on-premises) is a self-hosted centralized management platform for enterprise security, enabling organizations to deploy and manage Trend Micro endpoint, server, and workload protection products from a single console running within their own infrastructure.
It was vulnerable to CVE-2025-69258, a bug that allows threat actors to inject DLL files without any interaction from the victim. The bug received a severity score of 9.8/10 (critical).
Patch and review systems
“A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated, remote attacker to load an attacker-controlled DLL into a key executable, leading to the execution of attacker-supplied code under the SYSTEM context on affected installations,” the company said in a recently published security advisory.
While there are mitigations available (for example, disconnecting the system from the Internet), Trend Micro says the best course of action is to apply the provided patch.
“In addition to timely application of patches and updated solutions, customers are also encouraged to review remote access to critical systems and ensure policies and perimeter security are up-to-date,” Trend Micro said.
“However, although an exploit may require several specific conditions to be met, Trend Micro strongly recommends customers update to the latest versions as soon as possible.”
The vulnerability was fixed in Critical Patch Build 7190, which is also said to have fixed two additional flaws: CVE-2025-69259 and CVE-2025-69260. Both can be exploited by unauthenticated attackers.
As of mid-June 2025, Trend Micro fixed a handful of critical vulnerabilities, including some in Apex Central. All vulnerabilities were considered critical or high severity, and although there was no evidence of abuse at the time, Trend Micro urged customers to apply the fix without delay.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
