CVE-2025-30640

Published: Jun 17, 2025Modified: Sep 9, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: security@trendmicro.com (Secondary)

Description

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (13)

Products: Trendmicro: Deep Security Agent

Trendmicro

1 product

Deep Security Agent

Configuration A

13 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Deep Security Agent	Before 20.0.1
Trendmicro Deep Security Agent	Version 20.0.1
Trendmicro Deep Security Agent	Version 20.0.1 update12510
Trendmicro Deep Security Agent	Version 20.0.1 update14610
Trendmicro Deep Security Agent	Version 20.0.1 update17380
Trendmicro Deep Security Agent	Version 20.0.1 update19250
Trendmicro Deep Security Agent	Version 20.0.1 update21510
Trendmicro Deep Security Agent	Version 20.0.1 update23340
Trendmicro Deep Security Agent	Version 20.0.1 update3180
Trendmicro Deep Security Agent	Version 20.0.1 update4540
Trendmicro Deep Security Agent	Version 20.0.1 update690
Trendmicro Deep Security Agent	Version 20.0.1 update7380
Trendmicro Deep Security Agent	Version 20.0.1 update9400

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://success.trendmicro.com/en-US/solution/KA-0019344

Source: security@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-239/

Source: security@trendmicro.com

Third Party Advisory

Timeline

No history available yet.