Trend Micro has issued an urgent security advisory after identifying a critical vulnerability in its Apex Central management platform. The flaw affects on-premise installations running on Windows systems. It has been rated 9.8 on the CVSS scale, placing it in the critical severity category. Such a high score indicates a serious risk if systems are left unpatched.
The vulnerability is classified as a remote code execution (RCE) flaw, meaning attackers can run malicious code from a remote location. It has been tracked as CVE-2025-69258. According to the advisory, the flaw can be exploited without authentication. This significantly increases the potential attack surface for organizations.
The issue originates from improper handling of system-level functions within Apex Central on Windows. An attacker could exploit this weakness to load a malicious DLL file into the application. If the attack is successful, arbitrary code can be executed. This code would run with SYSTEM-level privileges, the highest level on Windows.
Trend Micro confirmed that all on-premise Windows versions below Build 7190 are affected by this vulnerability. Cloud-hosted versions of Apex Central are not impacted. To address the issue, Trend Micro has released Critical Patch Build 7190. Administrators are strongly urged to apply this update immediately.
Alongside the critical RCE flaw, Trend Micro also patched two high-severity denial-of-service vulnerabilities. These are tracked as CVE-2025-69259 and CVE-2025-69260. Both carry CVSS scores of 7.5. Exploiting these flaws could cause the Apex Central service to crash.
While the DoS vulnerabilities do not allow attackers to execute code, they can disrupt security operations. An attacker could repeatedly trigger the flaws to make the management console unavailable. This could delay threat detection and response. Such disruptions can be harmful in enterprise environments.
Security researchers noted that exploiting the RCE flaw requires only network access. No user interaction, such as clicking links or opening files, is needed. This makes the vulnerability especially dangerous for exposed servers. Automated attacks could easily target unpatched systems.
Trend Micro stated that there is no confirmed evidence of active exploitation at the time of disclosure. However, due to the severity of the flaw, organizations should not delay patching. Applying the update, restricting network access, and monitoring systems are strongly recommended. Prompt action is critical to maintaining a secure environment.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
