CVE-2025-69258: Trend Micro Apex Central Remote Code Execution Vulnerability

On 7 January 2026, Trend Micro released a critical patch for Apex Central on-premises versions below Build 7190, addressing multiple vulnerabilities.

On 7 January 2026, Trend Micro released a critical patch for Apex Central on-premises versions below Build 7190, addressing multiple vulnerabilities. The most severe of the vulnerabilities disclosed is CVE-2025-69258, a critical-severity vulnerability that allows unauthenticated threat actors to load malicious DLLs and execute arbitrary code as SYSTEM without user interaction. The advisory also includes two medium-severity denial-of-service vulnerabilities, CVE-2025-69259 and CVE-2025-69260.

Tenable researchers disclosed these flaws alongside proof-of-concept (PoC) exploits and technical details on January 7, 2026, with no confirmed in-the-wild exploitation as of January 9. However, threat actors have historically exploited vulnerabilities in Apex One and are likely to leverage the PoC exploit code. Organisations using an affected Apex Central version should prioritise upgrading to a fixed build as soon as possible, while restricting network access to management servers on the public internet and monitoring port 20001.

Recommendations for CVE-2025-69258:

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. A download link is available for the latest versions on the .

| Product | Affected Version | Fixed Version |
|---|---|---|
| Apex Central (on-premises) | Versions below Build 7190 | Build 7190 and above |

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.

Restrict Access to Management Servers

Restrict direct internet access to the Apex Central server by placing it within a dedicated VLAN or DMZ, ensuring that only essential inbound ports are open. Within Apex Central, apply role-based access control (RBAC) to limit administrative logins.

Since the MsgReceiver.exe application , restrict access to this port and used by Apex Central on the public internet and actively monitor for any unauthorised connection attempts against the service.
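As an added example (not part of the original advisory and not Trend Micro or Arctic Wolf tooling), the Python below applies the monitoring recommendation to a Windows Firewall log from the Apex Central server: it reports inbound records to port 20001 whose source lies outside an allowlist of management networks. The allowlisted range, the server address and every log line are constructed placeholders, and the code assumes Windows Firewall logging is enabled and writes its usual `#Fields:` header.

```python
import ipaddress

# Port the advisory says to monitor on the Apex Central server.
MONITORED_PORT = 20001
# Assumption: the only network allowed to reach the service (placeholder range).
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample in Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2026-01-08 10:15:02 ALLOW TCP 10.0.5.23 10.0.5.10 50211 20001 0 - 0 0 0 - - - RECEIVE
2026-01-08 10:16:40 ALLOW TCP 203.0.113.7 10.0.5.10 51544 20001 0 - 0 0 0 - - - RECEIVE
2026-01-08 10:16:41 DROP TCP 198.51.100.9 10.0.5.10 40112 20001 0 - 0 0 0 - - - RECEIVE
2026-01-08 10:17:05 ALLOW TCP 203.0.113.7 10.0.5.10 51550 443 0 - 0 0 0 - - - RECEIVE
2026-01-08 10:18:00 ALLOW TCP 10.0.5.10 10.0.5.23 20001 50211 0 - 0 0 0 - - - SEND
garbage line
"""


def unauthorised_attempts(log_text, port=MONITORED_PORT, allowed=ALLOWED_SOURCES):
    """Return inbound records to `port` whose source is outside `allowed`."""
    fields, hits = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated record
        rec = dict(zip(fields, parts))
        # Inbound traffic only; replies sent from the port are not attempts.
        if rec.get("path", "RECEIVE") != "RECEIVE" or rec.get("dst-port") != str(port):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except (KeyError, ValueError):
            continue
        # Both ALLOW and DROP are reported: a dropped probe is still an attempt.
        if not any(src in net for net in allowed):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in unauthorised_attempts(SAMPLE_LOG):
        print(r["date"], r["time"], r["action"], r["src-ip"], "->", r["dst-port"])
```

An `ALLOW` hit from a source outside the allowlist means the firewall is still exposing the port and the access restriction above has not taken effect.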
