Critical flaws and public exploits released for Trend Micro Apex Central on-premise management
Take action: Make sure all Apex Central servers are isolated from the internet and accessible from trusted networks only. Install Critical Patch Build 7190 as soon as possible.
Trend Micro patched three security flaws in its Apex Central on-premise management platform. Apex Central acts as a hub for managing security across mail servers, gateways, and desktops, making it a high-value target for hackers.
Tenable researchers found the vulnerabilities and published technical details along with proof-of-concept (PoC) exploit code.
Vulnerabilities summary:
- CVE-2025-69258 (CVSS score 9.8) affects the MsgReceiver.exe process, which listens for commands on TCP port 20001. An attacker can send a crafted message to the server that forces it to load a malicious DLL file from a remote share. Because the process runs with high privileges, the attacker gains full SYSTEM control over the Windows server. This allows them to run any command or steal data from the entire security network.
- CVE-2025-69259 (CVSS score 7.5) occurs when the server fails to check a null value during data processing, leading to a crash.
- CVE-2025-69260 (CVSS score 7.5) is an out-of-bounds read bug where the server trusts a size value sent by the attacker.
Both CVE-2025-69259 and CVE-2025-69260 can be triggered remotely without authentication, allowing anyone on the network to stop security operations.
Trend Micro notes that exploitation usually requires network access, so any server exposed to the internet or to a compromised internal segment is at risk. The public release of exploit code significantly raises the chance of active attacks.
Organizations should install Critical Patch Build 7190 or later to fix these flaws. Admins should also check firewall rules to ensure port 20001 is not open to the public internet. Restricting access to this port to only trusted administrative machines provides an extra layer of safety.
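One way to run the firewall check described above on the Apex Central server itself, as an added example that is not from Trend Micro or Tenable. It assumes the Windows host firewall is in use and an elevated PowerShell session; the helper name Test-PortSpec is hypothetical.

```powershell
# Added example: audit inbound exposure of TCP 20001 on an Apex Central server.
$Port = 20001   # MsgReceiver.exe listening port, per the advisory

function Test-PortSpec {
    # Hypothetical helper: true when a firewall LocalPort spec
    # ('Any', '20001', '20000-20010') covers $Port.
    param([string]$Spec, [int]$Port)
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Spec -eq "$Port")
}

# 1. Is anything listening on the port, and which process owns it?
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Port         = $_.LocalPort
            Process      = $proc.ProcessName
        }
    } | Format-Table -AutoSize

# 2. Which enabled inbound Allow rules cover the port, and from which sources?
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin @('TCP', 'Any')) { continue }
    if (-not ($pf.LocalPort | Where-Object { Test-PortSpec -Spec $_ -Port $Port })) { continue }
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        # Rules with LocalPort 'Any' may be bound to a different program; review this column.
        Program       = ($rule | Get-NetFirewallApplicationFilter).Program
        LocalPort     = $pf.LocalPort -join ','
        RemoteAddress = $remote -join ','
        # 'Any' means the rule does not limit the source to trusted admin machines.
        Unrestricted  = [bool]($remote -contains 'Any')
    }
}
$findings | Sort-Object Unrestricted -Descending | Format-Table -AutoSize
```

This covers only the Windows host firewall; perimeter and cloud firewall rules for port 20001 need the same review on their own devices.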