1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Trend Micro releases critical security fixes for Apex Central RCE

    From TechnologyDaily@1337:1/100 to All on Mon Jan 12 15:45:08 2026
    Trend Micro releases critical security fixes for Apex Central RCE - so patch now

    Date:
    Mon, 12 Jan 2026 15:30:00 +0000

    Description:
    A bug allowed hackers to inject DLLs without user interaction, gaining access to the underlying system.

    FULL STORY ======================================================================CVE-2025 -69258 in Trend Micro Apex Central allowed unauthenticated DLL injection and remote code execution Critical Patch Build 7190 fixes this flaw plus CVE-2025-69259 and CVE-2025-69260 Trend Micro urges immediate patching; mitigations like disconnecting systems are only temporary safeguards

    Trend Micro has patched a critical-severity vulnerability in Apex Central (on-premise) which allowed threat actors to run arbitrary code, remotely.

    Apex Central (on-premise) is a self-hosted centralized management platform
    for enterprise security, which lets organizations deploy and manage Trend Micro endpoint, server, and workload protection products from a single
    console that runs inside their own infrastructure.

    It was vulnerable to CVE-2025-69258, a bug that allows threat actors to
    inject DLLs without any victim interaction. The bug was given a severity
    score of 9.8/10 (critical). Patching and reviewing systems

    "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations," the company said in a recently
    published security advisory.

    While mitigations are available (for example, disconnecting the system from the wider internet), Trend Micro says the best course of action is to apply the provided patch.

    "In addition to timely application of patches and updated solutions,
    customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date," Trend Micro said.

    "However, even though an exploit may require several specific conditions to
    be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible."

    The vulnerability is fixed in Critical Patch Build 7190, which was also said to have fixed two additional flaws: CVE-2025-69259 and CVE-2025-69260. Both can be leveraged by unauthenticated attackers.

    In mid-June 2025, Trend Micro fixed a handful of critical-everity vulnerabilities, including some in Apex Central. The vulnerabilities were all deemed either critical, or high-severity, and while there was no evidence of abuse at the time, Trend Micro urged customers to apply the fix without
    delay.

    Via BleepingComputer

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/trend-micro-releases-critical-security- fixes-for-apex-central-rce-so-patch-now


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)