Trend Micro has addressed three critical vulnerabilities in its Apex Central management console, identified as CVE-2025-69258, CVE-2025-69259, and CVE-2025-69260. Disclosed by Tenable, these flaws were found in August 2025 and could allow for remote code execution or denial-of-service attacks. The most severe vulnerability, CVE-2025-69258, has a CVSS score of 9.8 and enables unauthenticated remote attackers to load malicious DLLs into a key executable, MsgReceiver.exe. This allows them to execute arbitrary code with SYSTEM privileges. The other two vulnerabilities, CVE-2025-69259 and CVE-2025-69260, both rated at 7.5, can lead to denial-of-service conditions. CVE-2025-69259 involves an unchecked NULL return value, while CVE-2025-69260 relates to an out-of-bounds read. Although exploiting these typically requires access to a vulnerable system, Trend Micro recommends that users apply patches immediately, limit remote access, and maintain updated security controls. The patched version, Critical Patch Build 7190, is now available for Apex Central on Windows. This isn’t the first time Trend Micro faced critical vulnerabilities; in August 2025, it also patched two command injection issues in Apex One that were actively being exploited. Overall, these incidents highlight ongoing security challenges within enterprise software, emphasizing the need for constant vigilance and timely updates.