Trend Micro warns of critical Apex Central RCE vulnerability

Severity: CRITICAL (CVE-2025-69258)

CVSS 3.0 Score: 9.8

Information

  Apex Central is a web-based management console that helps admins manage multiple Trend Micro products and services (including antivirus, content security, and threat detection) and deploy components like antivirus pattern files, scan engines, and antispam rules from a single interface. 

Incident

  Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges.

  Tracked as CVE-2025-69258, the vulnerability enables threat actors without privileges on the targeted system to gain remote code execution by injecting malicious DLLs in low-complexity attacks that don't require user interaction.

  As explained by cybersecurity company Tenable, which reported the flaw and shared technical details and proof-of-concept code, unauthenticated remote attackers can send a specially crafted message to the MsgReceiver.exe process listening on TCP port 20001, "leading to execution of attacker-supplied code under the security context of SYSTEM."

  While there are mitigating factors, such as whether vulnerable systems are exposed to Internet attacks, Trend Micro urged customers to patch their systems as soon as possible.

Recommendation

  • To address this vulnerability, Trend Micro has released Critical Patch Build 7190, which also fixes two denial-of-service flaws (CVE-2025-69259 and CVE-2025-69260) that can be exploited by unauthenticated attackers.
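
  While the patch is being rolled out, the exposure of the listener named in the advisory can be checked on the Apex Central server itself. The script below is an added example, not code from Trend Micro or Tenable; only the port (20001) and process name (MsgReceiver.exe) come from the advisory, and the rest uses standard Windows cmdlets.

```powershell
# Added example. Run in an elevated PowerShell session on the Apex Central server.
# Port 20001 and MsgReceiver.exe are taken from the advisory text.
$Port = 20001
$ServiceExe = 'MsgReceiver.exe'

# True when a firewall LocalPort spec ('Any', '20001', '20000-20010', ...) covers $Port.
function Test-PortCovered([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# 1. Who is listening on the port, and is the socket bound beyond loopback?
$listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) { Write-Output "No listener on TCP $Port." }
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress  = $l.LocalAddress
        Process       = if ($proc) { "$($proc.ProcessName).exe" } else { "PID $($l.OwningProcess)" }
        RemotelyBound = $l.LocalAddress -notin @('127.0.0.1', '::1')
    }
}

# 2. Enabled inbound allow rules that cover the port for this service (slow: one lookup per rule).
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $pf  = $_ | Get-NetFirewallPortFilter
    $app = ($_ | Get-NetFirewallApplicationFilter).Program
    $protoOk = $pf.Protocol -in @('TCP', '6', 'Any')
    $appOk   = $app -eq 'Any' -or $app -like "*\$ServiceExe"
    if ($protoOk -and $appOk -and (Test-PortCovered $pf.LocalPort $Port)) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
}
```

  A listener reported as RemotelyBound together with an allow rule whose RemoteAddress is Any means the port is reachable from every network that rule's profile applies to; narrowing the rule to the addresses that need to reach the console reduces exposure until the patch is installed.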

Security systems are what matter most. We must stay alert and keep monitoring as usual.

Weekly Interesting CVE

| No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Severity Rating | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2025-68865 | 5/1/2026 | 5/1/2026 | Infility Global Plugin for WordPress < 2.14.48 | SQL Injection | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.14.48. | Update to 2.14.49 | https://www.cvedetails.com/cve/CVE-2025-68865/ |
| 2 | CVE-2025-47411 | 1/1/2026 | 5/1/2026 | Apache StreamPipes < 0.97.0 | Privilege Escalation | 8.1 | A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. | Update to 0.98.0 | https://app.opencve.io/cve/CVE-2025-47411 |
| 3 | CVE-2021-47744 | 31/12/2025 | 2/1/2026 | Cypress Solutions CTM-200 < 1.3.6 | Hard-coded Credentials | 7.5 | Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices. | Update to 1.3.6 and disable access via Port 23 and Port 22 if not needed. | https://app.opencve.io/cve/CVE-2021-47744 |
| 4 | CVE-2025-59503 | 23/10/2025 | 2/1/2026 | Azure Compute Gallery | Server-Side Request Forgery (SSRF) | 10 | Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | This is a vulnerability in the Microsoft Azure (Cloud Provider) infrastructure, so the response focuses on updates from the provider's side. | https://app.opencve.io/cve/CVE-2025-59503 |
| 5 | CVE-2026-0592 | 1/1/2026 | 5/1/2026 | Online Product Reservation System < 1.0 | SQL Injection | 7.3 | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component User Registration Handler. | Update to 1.0 | https://app.opencve.io/cve/CVE-2026-0592 |


Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Zoom Stealer browser extensions harvest corporate meeting intelligence | 30/12/2025 | Malware | A new malware campaign called “Zoom Stealer” has been discovered. It disguises itself as browser extensions on Chrome, Firefox, and Microsoft Edge and has been downloaded more than 2.2 million times. These malicious extensions collect detailed information related to online meetings, and the harvested data is transmitted to the attackers in real time. | • Review installed browser extensions and remove any that are unknown or no longer needed. • Avoid extensions that request excessive or unnecessary permissions. • Keep browsers, operating systems, and security software up to date. |

Ref: https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/

19 January 2026
