Cyber Posture

CVE-2025-69259

High · Public PoC

Published: 08 January 2026

Modified: 15 January 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0065 (71.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-69259 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Trend Micro Apex Central. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the unchecked NULL return value vulnerability by requiring timely application of vendor patches for Trend Micro Apex Central.

prevent · detect

Protects system availability by implementing denial-of-service defenses against remote unauthenticated exploitation leading to crashes.

prevent

Ensures robust error handling for NULL return values in message processing to avoid denial-of-service conditions from unhandled failures.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated exploitation of a NULL dereference in a network-accessible management server directly enables T1190 for initial access/DoS and T1499.004 for targeted application crash.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

Deeper analysis [AI]

CVE-2025-69259 is a message unchecked NULL return value vulnerability in Trend Micro Apex Central that could allow a remote attacker to create a denial-of-service condition on affected installations. Published on 2026-01-08T13:15:43.020, the issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWEs 120, 346, and 476.

A remote attacker can exploit this vulnerability without requiring authentication. Successful exploitation results in a denial-of-service condition, disrupting availability on targeted installations due to the unchecked NULL return value in message handling.

Trend Micro has published security advisories detailing the issue and mitigation steps, available at https://success.trendmicro.com/en-US/solution/KA-0022071 (English) and https://success.trendmicro.com/ja-JP/solution/KA-0022081 (Japanese). Additional analysis is provided in Tenable's research advisory at https://www.tenable.com/security/research/tra-2026-01.

Details

CWE(s)

Affected Products

trendmicro · apex central · 2019

CVEs Like This One

CVE-2025-69260 · Same product: Microsoft Windows
CVE-2025-69258 · Same product: Microsoft Windows
CVE-2025-53378 · Same product: Microsoft Windows
CVE-2025-69624 · Same product: Microsoft Windows
CVE-2025-66769 · Same product: Microsoft Windows
CVE-2026-28718 · Same product: Microsoft Windows
CVE-2026-26130 · Same vendor: Microsoft
CVE-2025-21277 · Same vendor: Microsoft
CVE-2026-26154 · Same vendor: Microsoft
CVE-2026-25667 · Same vendor: Microsoft

References