Multiple Trend Micro Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-30640 CVSS:7.8

Trend Micro Deep Security Agent could allow a local authenticated attacker to gain elevated privileges on the system, caused by a link following flaw.

CVE-2025-30641 CVSS:7.8

Trend Micro Deep Security Agent could allow a local authenticated attacker to gain elevated privileges on the system, caused by a link following flaw.

CVE-2025-30642 CVSS:5.5

Trend Micro Deep Security Agent is vulnerable to a denial of service, caused by a link following flaw.

CVE-2025-30678 CVSS:6.5

Trend Micro Apex Central (on-premise) is vulnerable to server-side request forgery, caused by a flaw in the modTMSM component.

CVE-2025-30679 CVSS:6.5

Trend Micro Apex Central (on-premise) is vulnerable to server-side request forgery, caused by a flaw in the modOSCE component.

CVE-2025-30680 CVSS:7.1

Trend Micro Apex Central (SaaS) is vulnerable to server-side request forgery, caused by improper validation of unspecified parameters.

Impact

  • Privilege Escalation
  • Denial of Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-30640
  • CVE-2025-30641
  • CVE-2025-30642
  • CVE-2025-30678
  • CVE-2025-30679
  • CVE-2025-30680

Affected Vendors

Trend Micro

Affected Products

  • Trend Micro Apex Central (on-prem) - 2019
  • Trend Micro Deep Security Agent - 20.0

Remediation

Refer to the Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-30640

CVE-2025-30641

CVE-2025-30642

CVE-2025-30678

CVE-2025-30679

CVE-2025-30680