CVE-2025-69258 - Vulnerability Details - OpenCVE

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Trendmicro	Apexcentral

No data.

No data.

No data.

References

Link	Providers
https://success.trendmicro.com/en-US/solution/KA-0022071
https://success.trendmicro.com/ja-JP/solution/KA-0022081
https://www.tenable.com/security/research/tra-2026-01

History

Thu, 08 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 08 Jan 2026 13:00:00 +0000

Type	Values Removed	Values Added
Description		A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
First Time appeared		Trendmicro Trendmicro apexcentral
Weaknesses		CWE-120 CWE-290 CWE-346
CPEs		cpe:2.3:a:trendmicro:apexcentral:2019:7190:-::-:windows::*
Vendors & Products		Trendmicro Trendmicro apexcentral
References		https://success.trendmicro.com/en-US/solution/KA-0022071 https://success.trendmicro.com/ja-JP/solution/KA-0022081 https://www.tenable.com/security/research/tra-2026-01
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2026-01-08T12:50:25.113Z

Updated: 2026-01-09T04:55:19.118Z

Reserved: 2025-12-30T16:24:23.580Z

Link: CVE-2025-69258

Vulnrichment

Updated: 2026-01-08T14:19:38.803Z

NVD

Status : Awaiting Analysis

Published: 2026-01-08T13:15:42.870

Modified: 2026-01-08T18:08:18.457

Link: CVE-2025-69258

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69258", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "state": "PUBLISHED", "assignerShortName": "trendmicro", "dateReserved": "2025-12-30T16:24:23.580Z", "datePublished": "2026-01-08T12:50:25.113Z", "dateUpdated": "2026-01-09T04:55:19.118Z"}, "containers": {"cna": {"affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro Apex Central", "versions": [{"version": "2019 (14.0)", "status": "affected", "versionType": "semver", "lessThan": "Build 7190"}], "cpes": ["cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"]}], "descriptions": [{"lang": "en", "value": "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2026-01-08T12:50:25.113Z"}, "references": [{"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"}, {"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"}, {"url": "https://www.tenable.com/security/research/tra-2026-01"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "problemTypes": [{"descriptions": [{"description": "CWE-290: Authentication Bypass by Spoofing", "lang": "en-US", "type": "CWE", "cweId": "CWE-290"}, {"description": "CWE-346: Origin Validation Error", "lang": "en-US", "type": "CWE", "cweId": "CWE-346"}, {"description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en-US", "type": "CWE", "cweId": "CWE-120"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-69258"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T04:55:19.118Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-08T14:58:17.993348Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T14:19:38.803Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:trendmicro:apexcentral:2019:7190:-:*:-:windows:*:*"], "vendor": "Trend Micro, Inc.", "product": "Trend Micro Apex Central", "versions": [{"status": "affected", "version": "2019 (14.0)", "lessThan": "Build 7190", "versionType": "semver"}]}], "references": [{"url": "https://success.trendmicro.com/en-US/solution/KA-0022071"}, {"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022081"}, {"url": "https://www.tenable.com/security/research/tra-2026-01"}], "descriptions": [{"lang": "en", "value": "A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input"}]}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2026-01-08T12:50:25.113Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69258", "state": "PUBLISHED", "dateUpdated": "2026-01-09T04:55:19.118Z", "dateReserved": "2025-12-30T16:24:23.580Z", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "datePublished": "2026-01-08T12:50:25.113Z", "assignerShortName": "trendmicro"}, "dataVersion": "5.2"}