Overview
- Trend Micro released Critical Patch Build 7190 for Apex Central on-premise, fixing CVE-2025-69258 along with two related flaws tracked as CVE-2025-69259 and CVE-2025-69260.
- Tenable, which reported the bugs in August 2025, has published technical details and proof-of-concept exploits for all three vulnerabilities.
- The RCE (CVE-2025-69258) abuses a LoadLibraryEX path by sending message 0x0a8d to the MsgReceiver.exe service on TCP port 20001, enabling attacker-controlled DLL loading under SYSTEM.
- CVE-2025-69259 and CVE-2025-69260 carry CVSS 7.5 scores and can trigger denial-of-service via crafted message 0x1b5b to the same process.
- Trend Micro urges immediate updates and tighter remote access controls, noting no confirmed exploitation yet but elevated risk for exposed installations.