Published: 2025/04/08  Last Updated: 2025/04/08

JVNVU#98349623
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)

Overview

Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.

Products Affected

CVE-2025-30678, CVE-2025-30679
  • Trend Micro Apex Central 2019 prior to build 6955

CVE-2025-30680
  • Trend Micro Apex Central SaaS before the maintenance in March 2025

CVE-2025-30640, CVE-2025-30641, CVE-2025-30642
  • Deep Security Agent 20.0 (for Windows) versions prior to 20.0.1-25770

Description

Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.

Impact

Trend Micro Apex Central 2019
  • Information disclosure due to a server-side request forgery (SSRF) vulnerability in the modTMSM component (CWE-918, CVE-2025-30678)
  • Information disclosure due to a server-side request forgery (SSRF) vulnerability in the modOSCE component (CWE-918, CVE-2025-30679)

Trend Micro Apex Central SaaS
  • Information disclosure due to a server-side request forgery (SSRF) vulnerability (CWE-918, CVE-2025-30680)

Deep Security Agent 20.0
  • Privilege escalation due to a link following vulnerability (CWE-59, CVE-2025-30640)
  • Privilege escalation due to a link following vulnerability in the Anti-Malware function (CWE-59, CVE-2025-30641)
  • Denial of service (DoS) due to a link following vulnerability (CWE-59, CVE-2025-30642)

Solution

Update the software
Update the software to the latest version according to the information provided by Trend Micro Incorporated.

For more details, refer to the information provided by Trend Micro Incorporated.

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
