CVE-2025-69258

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central versions prior to 7190

Description A LoadLibraryEX vulnerability exists in Trend Micro Apex Central that could allow an unauthenticated remote attacker to load a malicious Dynamic Link Library (DLL) into a key executable, specifically

MsgReceiver.exe

. Successful exploitation leads to the execution of attacker-supplied code with SYSTEM-level privileges on affected installations. A Proof of Concept (PoC) exploit has been released, increasing the risk of exploitation. The vulnerability is accessible via the TCP port 20001. The vulnerability is rated as critical with a CVSS score of 9.8.

Recommendations Upgrade Trend Micro Apex Central to build 7190 or later. Restrict exposure of the management console services to trusted network zones. Review logs for suspicious admin activity and web requests. Rotate credentials or tokens if exposure is suspected.

Fix

RCE

DoS

Buffer Overflow

Authentication Bypass by Spoofing

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-290CWE-346

Related Identifiers

CVE-2025-69258

Affected Products

Trend Micro Apex Central

CVE-2025-69258

Weakness Enumeration

Related Identifiers

Affected Products

References · 57