Trend Micro Releases New Critical Patch for Trend Micro Apex Central
Summary: Trend Micro releases Critical patches for ‘Build 7190’, addressing Multiple Vulnerabilities Including RCE & DoS
| OEM | Trend Micro |
| Severity | Critical |
| CVSS Score | 9.8 |
| CVEs | CVE-2025-69258, CVE-2025-69259, CVE-2025-69260 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Trend Micro released Critical Patch Build 7190 for Apex Central (on-premises) addressing multiple high/critical vulnerabilities, including a remote code execution (RCE) flaw in MsgReceiver.exe exploited via unauthenticated network access on TCP port 20001.
Additional flaws enable denial-of-service (DoS) via unchecked NULL returns and out-of-bounds reads. Affected versions are below Build 7190 on Windows. Administrators must apply latest version build immediately to mitigate RCE, crashes and service disruptions.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| LoadLibraryEX Remote Code Execution (RCE) Vulnerability | CVE-2025-69258 | Apex Central (on-premise) | Critical | Build 7190 |
| Message Unchecked NULL Return Value Denial of Service (DoS) Vulnerability | CVE-2025-69259 | Apex Central (on-premise) | High | Build 7190 |
| Message Out-of-bounds Read Denial of Service (DoS) Vulnerability | CVE-2025-69260 | Apex Central (on-premise) | High | Build 7190 |
Technical Summary
The critical vulnerability has in its unauthenticated MsgReceiver.exe service on TCP port 20001 which is a remote code execution vulnerability lets attackers load arbitrary DLLs into a privileged process for SYSTEM-level code execution and full compromise.
Alongside two denial-of-service issues causing crashes where one due to unchecked NULL return values in message parsing leading to invalid memory access, and another via out-of-bounds reads from oversized strings.
All the vulnerabilities exploitable remotely without privileges, requiring urgent patching to Build 7190.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-69258 | Apex Central < Build 7190 | Unauthenticated attackers can remotely load a malicious DLL into MsgReceiver.exe using crafted network messages on TCP port 20001 | RCE, Complete server compromise |
| CVE-2025-69259 | Apex Central < Build 7190 | Processing malformed messages (no auth required) leads to unhandled NULL from string search, causing invalid pointer operations | Dos, Service crash |
| CVE-2025-69260 | Apex Central < Build 7190 | Oversized string parameters in messages (no auth required) trigger buffer overruns during parsing | Dos, Service crash |
Recommendations
- Update immediately to the Critical Patch Build 7190. You can Apply via Trend Micro Download Center.
If immediate update is not possible
- Block TCP port 20001 at firewalls/perimeter.
- Monitor for anomalous connections to port 20001 or Samba shares.
- Review system logs for MsgReceiver.exe crashes or DLL loads from external paths.
Conclusion
This critical patch for Trend Micro Apex Central resolves multiple high-severity vulnerabilities including remote code execution and denial-of-service issues that pose significant risks to on-premise deployments.
Organizations should prioritize immediate deployment of Build 7190, implement network controls like port blocking and maintain vigilant monitoring to safeguard against exploitation.
References: