Japanese cybersecurity software program agency Pattern Micro has patched a important security flaw in Apex Central (on-premise) that would permit attackers to execute arbitrary code with SYSTEM privileges.
Apex Central is a web-based administration console that helps admins handle a number of Pattern Micro services (together with antivirus, content material security, and risk detection) and deploy elements like antivirus sample information, scan engines, and antispam guidelines from a single interface.
Tracked as CVE-2025-69258, the vulnerability permits risk actors with out privileges on the focused system to realize distant code execution by injecting malicious DLLs in low-complexity assaults that do not require person interplay.
“A LoadLibraryEX vulnerability in Pattern Micro Apex Central might permit an unauthenticated distant attacker to load an attacker-controlled DLL right into a key executable, resulting in execution of attacker-supplied code beneath the context of SYSTEM on affected installations,” Pattern Micro mentioned in a security advisory printed this week.
As defined by cybersecurity firm Tenable, which reported the flaw and shared technical particulars and proof-of-concept code, unauthenticated distant attackers can ship a specifically crafted message to the MsgReceiver.exe course of listening on TCP port 20001, “resulting in execution of attacker-supplied code beneath the security context of SYSTEM.”
Whereas there are mitigating components, like weak programs being uncovered to Web assaults, Pattern Micro urged prospects to patch their programs as quickly as attainable.
“Along with well timed utility of patches and up to date options, prospects are additionally suggested to evaluation distant entry to important programs and guarantee insurance policies and perimeter security is up-to-date,” Pattern Micro added.
“Nonetheless, though an exploit could require a number of particular circumstances to be met, Pattern Micro strongly encourages prospects to replace to the newest builds as quickly as attainable.”
To handle this vulnerability, Pattern Micro has launched Crucial Patch Construct 7190, which additionally fixes two denial-of-service flaws (CVE-2025-69259 and CVE-2025-69260) that may be exploited by unauthenticated attackers.
The corporate patched one other distant code execution Apex Central vulnerability (CVE-2022-26871) three years in the past, warning prospects that it was actively exploited within the wild.
Whether or not you are cleansing up previous keys or setting guardrails for AI-generated code, this information helps your workforce construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
