CVE-2025-69260
published 2026-01-08CVE-2025-69260: A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected…
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.42%
69.5th percentile
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro_inc | trend_micro_apex_central | >= 2019 (14.0) < Build 7190 | Build 7190 |
| trendmicro | apex_central | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Trend Micro warns of critical Apex Central RCE vulnerability
blogs_bleepingcomputer·2026-01-09·CVSS 9.8
[CRITICAL] Trend Micro warns of critical Apex Central RCE vulnerability
## Trend Micro warns of critical Apex Central RCE vulnerability
## Sergiu Gatlan
Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges.
Apex Central is a web-based management console that helps admins manage multiple Trend Micro products and services (including antivirus, content security, and threat detection) and deploy components like antivirus pattern files, scan engines, and antispam rules from a single interface.
Tracked as CVE-2025-69258 , the vulnerability enables threat actors without privileges on the targeted system to gain remote code execution by injecting malicious DLLs in low-complexity attacks that don't require user interaction.
"A L
Tenable
Trend Micro Apex Central Multiple Vulnerabilities
blogs_tenable·2026-01-07
Trend Micro Apex Central Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
CVE-2025-69258 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-69258 [MEDIUM] CVE-2025-69258 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69258 :
Apex Central vulnerability analysis and mitigation
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Source : NVD
## 9.8
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Apex Central
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 70.3
Exploitation Probability (EPSS) 0.6
Affected packages and libraries
cpe:2.3:a:trendmicro:apex_central
Sources
Windows Severity CRITICAL No Fix Added at: Jan 18, 2026
Windows Sever
Wiz
CVE-2025-69259 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-69259 [MEDIUM] CVE-2025-69259 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69259 :
Apex Central vulnerability analysis and mitigation
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Source : NVD
## 7.5
Score
Published January 8, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Apex Central
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 70
Exploitation Probability (EPSS) 0.6
Affected packages and libraries
cpe:2.3:a:trendmicro:apex_central
Sources
Windows Severity HIGH No Fix Added at: Jan 18, 2026
Windows Severity HIGH No
Wiz
CVE-2025-69260 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-69260 [MEDIUM] CVE-2025-69260 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69260 :
Apex Central vulnerability analysis and mitigation
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Source : NVD
## 7.5
Score
Published January 8, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Apex Central
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 67.3
Exploitation Probability (EPSS) 0.5
Affected packages and libraries
cpe:2.3:a:trendmicro:apex_central
Sources
Windows Severity HIGH No Fix Added at: Jan 18, 2026
Windows Severity HIGH No Fix Adde
2026-01-08
Published