|
[Japanese]
|
JVNDB-2025-003091
|
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)
|
|
Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
|
|
|
|
Trend Micro, Inc.
- Deep Security Agent 20.0 (for Windows) versions prior to 20.0.1-25770 - CVE-2025-30640, CVE-2025-30641, CVE-2025-30642
- Trend Micro Apex Central SaaS before the maintenance on March 2025 - CVE-2025-30680
- Trend Micro Apex Central 2019 prior to build 6955 - CVE-2025-30678, CVE-2025-30679
|
|
|
Trend Micro Apex Central 2019
- Information Disclosure due to server-side request forgery (SSRF) vulnerability in modTMSM component (CWE-918, CVE-2025-30678)
- Information Disclosure due to server-side request forgery (SSRF) vulnerability in modOSCE component (CWE-918, CVE-2025-30679)
Trend Micro Apex Central SaaS
- Information Disclosure due to server-side request forgery (SSRF) vulnerability (CWE-918, CVE-2025-30680)
Deep Security Agent 20.0
- Privilege escalation due to a link following vulnerability (CWE-59, CVE-2025-30640)
- Privilege escalation due to a link following vulnerability in Anti-Malware function (CWE-59, CVE-2025-30641)
- Denial of service (DoS) due to a link following vulnerability (CWE-59, CVE-2025-30642)
|
|
[Update the software]
Update the software to the latest version according to the information provided by Trend Micro Incorporated.
For more details, refer to the information provided by Trend Micro Incorporated.
|
|
Trend Micro, Inc.
|
|
- Link Following(CWE-59) [Other]
- Server-Side Request Forgery (SSRF)(CWE-918) [Other]
|
|
- CVE-2025-30678
- CVE-2025-30679
- CVE-2025-30680
- CVE-2025-30640
- CVE-2025-30641
- CVE-2025-30642
|
|
- JVN : JVNVU#98349623
|
|
- [2025/04/09]
Web page was published
|
