Critical RCE and two DoS flaws patched in Apex Central on-premise

Security updates were released to address multiple vulnerabilities in on-premise Apex Central for Windows, including a critical remote code execution flaw tracked as CVE-2025-69258 with a CVSS score of 9.8.

KEY FACTS

  • Vendor: Trend Micro
  • Critical flaw: CVE-2025-69258, CVSS 9.8, remote code execution
  • Other flaws: CVE-2025-69259 and CVE-2025-69260, CVSS 7.5, denial of service
  • Affected builds: Apex Central on-premise versions below Build 7190

In a technical analysis by Tenable, researchers said an attacker can exploit CVE-2025-69258 by sending the message “0x0a8d” to the MsgReceiver.exe component, causing the process to load a DLL under attacker control and execute code as SYSTEM. They added that CVE-2025-69259 and CVE-2025-69260 can be triggered by sending a specially crafted message “0x1b5b” to the same process, causing denial of service. MsgReceiver.exe listens on the default TCP port 20001.

The issues impact Apex Central on-premise versions below Build 7190. Patches are available in the Trend Micro security advisory.

The report credits the discovery to the original researchers and records August 2025 as the reporting date.

Successful exploitation requires an attacker to already have physical or remote access to a vulnerable endpoint. Customers are advised to apply updates and review remote access and perimeter controls.

WHY IT MATTERS

An RCE that can load an attacker-controlled DLL into a core process and run as SYSTEM presents a high risk to affected Windows management servers. Organizations running on-premise Apex Central should apply the patches and limit access to management interfaces.
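To check whether access to the MsgReceiver.exe port is actually limited, the following added example (not from the article, Tenable or Trend Micro) scans a Windows Firewall log for inbound TCP 20001 traffic from outside the management network. It assumes firewall logging is enabled on the Apex Central server and writes the standard `#Fields:` header with a `path` column; the allowed subnet, addresses and log lines are constructed.

```python
import ipaddress

MSGRECEIVER_PORT = 20001  # default MsgReceiver.exe TCP port named in the article
# Assumption: the only subnet that should reach the Apex Central server.
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/24")]

# Constructed sample in Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2026-01-12 09:14:02 ALLOW TCP 10.20.30.15 10.20.30.5 51522 20001 0 - 0 0 0 - - - RECEIVE
2026-01-12 09:15:40 ALLOW TCP 192.0.2.77 10.20.30.5 40211 20001 0 - 0 0 0 - - - RECEIVE
2026-01-12 09:15:41 DROP TCP 198.51.100.9 10.20.30.5 40212 20001 0 - 0 0 0 - - - RECEIVE
2026-01-12 09:16:03 ALLOW TCP 10.20.30.5 10.20.30.15 20001 51522 0 - 0 0 0 - - - SEND
2026-01-12 09:17:20 ALLOW TCP 192.0.2.77 10.20.30.5 40300 443 0 - 0 0 0 - - - RECEIVE
"""

def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def unexpected_sources(log_text, allowed=ALLOWED_NETS, port=MSGRECEIVER_PORT):
    """Return {src_ip: {"ALLOW": n, "DROP": n}} for inbound TCP traffic to the
    port from addresses outside the allowed management subnets."""
    findings = {}
    for rec in parse(log_text):
        if rec["protocol"] != "TCP" or rec["path"] != "RECEIVE":
            continue
        if rec["dst-port"] != str(port):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except ValueError:
            continue  # malformed address field
        if any(src in net for net in allowed):
            continue
        counts = findings.setdefault(str(src), {"ALLOW": 0, "DROP": 0})
        counts[rec["action"]] = counts.get(rec["action"], 0) + 1
    return findings

if __name__ == "__main__":
    for ip, counts in unexpected_sources(SAMPLE_LOG).items():
        print(ip, counts, "REACHED SERVICE" if counts["ALLOW"] else "blocked")
```

A source with a non-zero ALLOW count reached the listener and indicates the firewall rule for port 20001 is broader than the management subnet.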