CVE-2025-69258

CRITICAL
2026-01-08 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 15, 2026 - 19:18 vuln.today
Public exploit code
CVE Published
Jan 08, 2026 - 13:15 nvd
CRITICAL 9.8

Tags

Trendmicro Apex Central

Description

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

Analysis

Trend Micro Apex Central has a DLL loading vulnerability (LoadLibraryEX) that allows unauthenticated remote attackers to load attacker-controlled DLLs and execute code as SYSTEM. PoC available.

Technical Context

A LoadLibraryEX call in Apex Central loads a DLL from an attacker-controllable path (CWE-120 as classified, but functionally a DLL hijacking vulnerability). The code executes under the SYSTEM account, providing maximum privilege. This is a security management console – compromise gives control over the entire Trend Micro deployment.

Affected Products

Trend Micro Apex Central

Remediation

Apply Trend Micro patches immediately. Restrict network access to Apex Central. Monitor for DLL loading anomalies.

Priority Score

70
Low Medium High Critical
KEV: 0
EPSS: +0.6
CVSS: +49
POC: +20

Share

CVE-2025-69258 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy