—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Trend Micro Apex Central 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Trend Micro Apex Central for Windows Versions prior to the vendor-patched builds (Critical Patch Build 7190 and later)

Overview

Multiple vulnerabilities have been reported in Trend Micro Apex Central (On-Premise) for Windows, which could be exploited by a remote attacker to execute arbitrary code or cause denial of service conditions on the affected system.

Target Audience:

System administrators, security administrators, SOC teams, and organizations managing Trend Micro Apex Central (On-Premise).

Risk Assessment:

High risk of system compromise, unauthorized execution of code with elevated privileges, disruption of centralized security management services, and potential lateral movement within the affected enterprise environment.

Impact Assessment:

Potential of elevated-privilege exploitation or service disruption resulting in complete system compromise, loss of security visibility, and impact on enterprise security operations.

Description

Trend Micro Apex Central is a centralized security management platform used to manage and monitor Trend Micro security products across enterprise environments.

Multiple vulnerabilities have been identified in the Apex Central (On-Premise) server components. These vulnerabilities exist due to insufficient input validation and improper handling of certain server-side operations. The vulnerabilities can be exploited remotely under conditions described by the vendor advisory and do not require prior authentication in certain scenarios.

Successful exploitation of these vulnerabilities could allow a remote attacker to trigger code execution or denial-of-service conditions on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://success.trendmicro.com/en-US/solution/KA-0022071

Vendor Information

Trend Micro, Inc.

https://www.trendmicro.com/

References

 

https://success.trendmicro.com/en-US/solution/KA-0022071

CVE Name

CVE-2025-69258

CVE-2025-69259

CVE-2025-69260

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlnrxYACgkQ3jCgcSdc

ys8YLhAAhqhx9cNd9yQP3AwN/RYuAafev8Hqj/bppJZIQrvB3QYGib8MVD6SkfjA

M6T0NCxFyDWyRWVGRx62VyIDvx0J7KfeurpOGgbyPvIK3IC3mjeVgtJWQIzkje0U

P/0aWOsgNDdSY7emO9mykjFSq8OJmEzcBkv5Se6Q+GjuomKL2e/cV1uEYbn6TRAR

khujyT5nXWaY5J9bmTh+wnv+yy1dyoeIpP2R0/KyemgxxTpAXH6xFIz0oplRywY4

Tj8oLZg4XIq0S/hIGFizP+ZxOAq4saadPhXMJMPYtYrP2rMD+zzBarnDybMOzGK1

867pjfspJeu1FVPPbSXcn4L9MXehVD7nJTECsIZh1gNGTNNwEQdfwDKhTnD7aM3m

hb06Lha9OVd1qVvU88b69CFL4vO2bf+vXtJVuAEebx+fpPCRXtatOBXLUsw5aq1o

JVgyt+Cd0ME7Cs2UfZGMh+552DwAeXLGIBVKoFn6mJuOcJxt4LbrpkZiZY7OnW5Z

E59BnyOktU1nh4RDEmxUtLTJM8FeKT6dgiVDIO2NpLM2qcit8xAM6fk/qFwIvoho

E5SyVzoKY6t2xpQMNOkIF9rL91LVG32M796pp1upt94afKIhCY61b5NhRe54p0Ei

jAJfj5OR8+RzXwYQyWCw0GaVBUHMwTLJH2fWZUzD27wjk+2bYxY=

=Ul+S

—–END PGP SIGNATURE—–