Japanese cybersecurity software program agency Pattern Micro has patched a crucial safety flaw in Apex Central (on-premise) that might permit attackers to execute arbitrary code with SYSTEM privileges.
Apex Central is a web-based administration console that helps admins handle a number of Pattern Micro services (together with antivirus, content material safety, and risk detection) and deploy parts like antivirus sample recordsdata, scan engines, and antispam guidelines from a single interface.
Tracked as CVE-2025-69258, the vulnerability permits risk actors with out privileges on the focused system to achieve distant code execution by injecting malicious DLLs in low-complexity assaults that do not require person interplay.
“A LoadLibraryEX vulnerability in Pattern Micro Apex Central may permit an unauthenticated distant attacker to load an attacker-controlled DLL right into a key executable, resulting in execution of attacker-supplied code below the context of SYSTEM on affected installations,” Pattern Micro mentioned in a safety advisory printed this week.
As defined by cybersecurity firm Tenable, which reported the flaw and shared technical particulars and proof-of-concept code, unauthenticated distant attackers can ship a specifically crafted message to the MsgReceiver.exe course of listening on TCP port 20001, “resulting in execution of attacker-supplied code below the safety context of SYSTEM.”
Whereas there are mitigating elements, like weak techniques being uncovered to Web assaults, Pattern Micro urged clients to patch their techniques as quickly as attainable.
“Along with well timed utility of patches and up to date options, clients are additionally suggested to evaluate distant entry to crucial techniques and guarantee insurance policies and perimeter safety is up-to-date,” Pattern Micro added.
“Nevertheless, although an exploit could require a number of particular situations to be met, Pattern Micro strongly encourages clients to replace to the newest builds as quickly as attainable.”
To handle this vulnerability, Pattern Micro has launched Vital Patch Construct 7190, which additionally fixes two denial-of-service flaws (CVE-2025-69259 and CVE-2025-69260) that may be exploited by unauthenticated attackers.
The corporate patched one other distant code execution Apex Central vulnerability (CVE-2022-26871) three years in the past, warning clients that it was actively exploited within the wild.
It is funds season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, establish rising developments, and examine their priorities as they head into 2026.
Learn the way high leaders are turning funding into measurable impression.
