Trend Micro releases critical security fixes for Apex Central RCE - so patch now

• CVE-2025-69258 in Trend Micro Apex Central allowed unauthenticated DLL injection and remote code execution
• Critical Patch Build 7190 fixes this flaw plus CVE-2025-69259 and CVE-2025-69260
• Trend Micro urges immediate patching; mitigations like disconnecting systems are only temporary safeguards

Trend Micro has patched a critical-severity vulnerability in Apex Central (on-premise) which allowed threat actors to run arbitrary code, remotely.

Apex Central (on-premise) is a self-hosted centralized management platform for enterprise security, which lets organizations deploy and manage Trend Micro endpoint, server, and workload protection products from a single console that runs inside their own infrastructure.

It was vulnerable to CVE-2025-69258, a bug that allows threat actors to inject DLLs without any victim interaction. The bug was given a severity score of 9.8/10 (critical).