Japanese cybersecurity software program agency Pattern Micro has patched a crucial safety flaw in Apex Central (on-premise) that might enable attackers to execute arbitrary code with SYSTEM privileges.
Apex Central is a web-based administration console that helps admins handle a number of Pattern Micro services and products (together with antivirus, content material safety, and risk detection) and deploy parts like antivirus sample recordsdata, scan engines, and antispam guidelines from a single interface.
Tracked as CVE-2025-69258, the vulnerability allows risk actors with out privileges on the focused system to realize distant code execution by injecting malicious DLLs in low-complexity assaults that do not require consumer interplay.
“A LoadLibraryEX vulnerability in Pattern Micro Apex Central might enable an unauthenticated distant attacker to load an attacker-controlled DLL right into a key executable, resulting in execution of attacker-supplied code below the context of SYSTEM on affected installations,” Pattern Micro mentioned in a safety advisory revealed this week.
As defined by cybersecurity firm Tenable, which reported the flaw and shared technical particulars and proof-of-concept code, unauthenticated distant attackers can ship a specifically crafted message to the MsgReceiver.exe course of listening on TCP port 20001, “resulting in execution of attacker-supplied code below the safety context of SYSTEM.”
Whereas there are mitigating components, like weak programs being uncovered to Web assaults, Pattern Micro urged prospects to patch their programs as quickly as doable.
“Along with well timed utility of patches and up to date options, prospects are additionally suggested to evaluation distant entry to crucial programs and guarantee insurance policies and perimeter safety is up-to-date,” Pattern Micro added.
“Nevertheless, although an exploit could require a number of particular situations to be met, Pattern Micro strongly encourages prospects to replace to the most recent builds as quickly as doable.”
To handle this vulnerability, Pattern Micro has launched Vital Patch Construct 7190, which additionally fixes two denial-of-service flaws (CVE-2025-69259 and CVE-2025-69260) that may be exploited by unauthenticated attackers.
The corporate patched one other distant code execution Apex Central vulnerability (CVE-2022-26871) three years in the past, warning prospects that it was actively exploited within the wild.
It is price range season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, determine rising developments, and examine their priorities as they head into 2026.
Find out how prime leaders are turning funding into measurable influence.
