Development Micro has launched safety updates to deal with a number of safety vulnerabilities impacting on-premise variations of Apex Central for Home windows, together with a crucial bug that would end in arbitrary code execution.
The vulnerability, tracked as CVE-2025-69258, carries a CVSS rating of 9.8 out of a most of 10.0. The vulnerability has been described as a case of distant code execution affecting LoadLibraryEX.
“A LoadLibraryEX vulnerability in Development Micro Apex Central might enable an unauthenticated distant attacker to load an attacker-controlled DLL right into a key executable, resulting in execution of attacker-supplied code underneath the context of SYSTEM on affected installations,” the cybersecurity firm mentioned.
Additionally patched by Development Micro are two different flaws –
- CVE-2025-69259 (CVSS rating: 7.5) – A message unchecked NULL return worth vulnerability in Development Micro Apex Central might enable a distant, unauthenticated attacker to create a denial-of-service situation on affected installations
- CVE-2025-69260 (CVSS rating: 7.5) – A message out-of-bounds learn vulnerability in Development Micro Apex Central might enable a distant, unauthenticated attacker to create a denial-of-service situation on affected installations
Tenable, which is credited with figuring out and reporting all three flaws in August 2025, mentioned an attacker can exploit CVE-2025-69258 by sending a message “0x0a8d” (“SC_INSTALL_HANDLER_REQUEST”) to the MsgReceiver.exe part, inflicting a DLL underneath their management to be loaded into the binary, leading to code execution with elevated privileges.
Equally, CVE-2025-69259 and CVE-2025-69260 can be triggered by sending a specifically crafted message “0x1b5b” (“SC_CMD_CGI_LOG_REQUEST”) to the MsgReceiver.exe course of, which listens on the default TCP port 20001.
The problems affect Apex Central on-premise variations beneath Construct 7190. Development Micro famous that profitable exploitation hinges on an attacker already having bodily or distant entry to a weak endpoint.
“Along with well timed software of patches and up to date options, clients are additionally suggested to assessment distant entry to crucial methods and guarantee insurance policies and perimeter safety are up-to-date,” it added.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a worldwide community of future-focused thinkers.
Unlock tomorrow’s tendencies at the moment: learn extra, subscribe to our publication, and turn into a part of the NextTech group at NextTech-news.com
