Japanese cybersecurity software program agency Pattern Micro has patched a essential safety flaw in Apex Central (on-premise) that might permit attackers to execute arbitrary code with SYSTEM privileges.
Apex Central is a web-based administration console that helps admins handle a number of Pattern Micro services (together with antivirus, content material safety, and menace detection) and deploy elements like antivirus sample information, scan engines, and antispam guidelines from a single interface.
Tracked as CVE-2025-69258, the vulnerability allows menace actors with out privileges on the focused system to realize distant code execution by injecting malicious DLLs in low-complexity assaults that do not require consumer interplay.
“A LoadLibraryEX vulnerability in Pattern Micro Apex Central might permit an unauthenticated distant attacker to load an attacker-controlled DLL right into a key executable, resulting in execution of attacker-supplied code beneath the context of SYSTEM on affected installations,” Pattern Micro stated in a safety advisory revealed this week.
As defined by cybersecurity firm Tenable, which reported the flaw and shared technical particulars and proof-of-concept code, unauthenticated distant attackers can ship a specifically crafted message to the MsgReceiver.exe course of listening on TCP port 20001, “resulting in execution of attacker-supplied code beneath the safety context of SYSTEM.”
Whereas there are mitigating components, like weak programs being uncovered to Web assaults, Pattern Micro urged clients to patch their programs as quickly as potential.
“Along with well timed software of patches and up to date options, clients are additionally suggested to evaluation distant entry to essential programs and guarantee insurance policies and perimeter safety is up-to-date,” Pattern Micro added.
“Nonetheless, regardless that an exploit might require a number of particular situations to be met, Pattern Micro strongly encourages clients to replace to the most recent builds as quickly as potential.”
To handle this vulnerability, Pattern Micro has launched Vital Patch Construct 7190, which additionally fixes two denial-of-service flaws (CVE-2025-69259 and CVE-2025-69260) that may be exploited by unauthenticated attackers.
The corporate patched one other distant code execution Apex Central vulnerability (CVE-2022-26871) three years in the past, warning clients that it was actively exploited within the wild.
It is finances season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, determine rising traits, and evaluate their priorities as they head into 2026.
Learn the way high leaders are turning funding into measurable affect.
