Critical Apex Central RCE Fixed in Build 7190

by Justin Erickson

Trend Micro has released security updates for on-premise Apex Central bugs that allow remote code execution – CVE-2025-69258 – along with two high-severity denial-of-service flaws. The main bug – rated CVSS 9.8 – allows an unauthenticated remote attacker to load an attacker-controlled DLL which allows code execution with system privileges. The issues affect Apex Central (on-premise) for Windows below Build 7190. Trend Micro directs customers to apply the Critical Patch Build 7190, which is now available, and notes that the exploitation still requires network access to the vulnerable endpoint.