CVE-2025-69258 | THREATINT

Description

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

PUBLISHED Reserved 2025-12-30 | Published 2026-01-08 | Updated 2026-01-09 | Assigner trendmicro

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-290: Authentication Bypass by Spoofing

CWE-346: Origin Validation Error

CWE-120: Buffer Copy without Checking Size of Input

Product status

2019 (14.0) (semver) before Build 7190

affected

References

success.trendmicro.com/en-US/solution/KA-0022071

success.trendmicro.com/ja-JP/solution/KA-0022081

www.tenable.com/security/research/tra-2026-01

cve.org (CVE-2025-69258)

nvd.nist.gov (CVE-2025-69258)

Download JSON