CVE-2025-69258

Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central versions prior to 7190

Description A LoadLibraryEX vulnerability exists in Trend Micro Apex Central that could allow an unauthenticated remote attacker to load a malicious Dynamic Link Library (DLL) into a key executable, specifically MsgReceiver.exe. Successful exploitation leads to the execution of attacker-supplied code with SYSTEM-level privileges on affected installations. A Proof of Concept (PoC) exploit has been released, increasing the risk of exploitation. The vulnerability is accessible via the TCP port 20001. The vulnerability is rated as critical with a CVSS score of 9.8.

Recommendations Upgrade Trend Micro Apex Central to build 7190 or later. Restrict exposure of the management console services to trusted network zones. Review logs for suspicious admin activity and web requests. Rotate credentials or tokens if exposure is suspected.