
Trend Micro CVE-2025-30640

EUVD-2025-27792 | HIGH
Improper Link Resolution Before File Access (CWE-59)
2025-06-17 security@trendmicro.com
CVSS 3.1: 7.8

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 16, 2026 - 06:37, EUVD-patch-fix, executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29, backfill_euvd_patch, patch_released
Patch available: Apr 16, 2026 - 05:29, EUVD, 20.0.1-25770
EUVD ID Assigned: Mar 14, 2026 - 22:15, euvd, EUVD-2025-27792
Analysis Generated: Mar 14, 2026 - 22:15, vuln.today
CVE Published: Jun 17, 2025 - 21:15, nvd, HIGH 7.8

Description (NVD)

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Analysis (AI)

This is a link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents that enables local privilege escalation on affected systems. An attacker with low-privileged code execution capability can exploit this flaw to gain high-level system access. The vulnerability has a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability. KEV and POC status are not confirmed in available data, but the low attack complexity and low privilege requirement indicate moderate real-world risk once initial code execution is obtained.

Technical Context (AI)

This vulnerability stems from CWE-59 (Improper Link Resolution Before File Access), a classic link-following or symlink attack. The Deep Security agent likely fails to properly validate or resolve symbolic links before performing file operations with elevated privileges. When the agent accesses files or directories as root/SYSTEM, an unprivileged user can create malicious symlinks pointing to sensitive system files or directories. The agent then follows these links and modifies targets that the attacker could not directly access, achieving privilege escalation. This typically occurs in temporary directories, cache locations, or log file handling where agents write or read files without proper link validation. Affected: Trend Micro Deep Security agents version 20.0; CPE context would be cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:* and related variants.
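
The link-resolution failure described above, shown on POSIX as an added example (not Trend Micro's code and not taken from the advisory): `open_naive` follows a symlink at the final path component, while `open_no_follow` refuses it using `O_NOFOLLOW` plus an `fstat` check on the opened object. The function names, file names and temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def open_naive(path):
    # Pattern CWE-59 describes: a symlink at the final component is resolved silently.
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)

def open_no_follow(dir_path, name):
    # Hypothetical hardened helper: pin the directory, then open relative to it
    # with O_NOFOLLOW so a symlink planted as `name` fails (ELOOP) instead of resolving.
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW,
                     0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    st = os.fstat(fd)  # inspect the object actually opened, not the path
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)   # reject FIFOs, devices and hard links to other files
        raise PermissionError(f"{name}: not a plain single-link file")
    return fd

def demo():
    # Constructed layout: `protected.conf` stands in for a file only the service
    # should modify; `spool/` stands in for a directory a low-privileged user can write.
    with tempfile.TemporaryDirectory() as work:
        protected = os.path.join(work, "protected.conf")
        spool = os.path.join(work, "spool")
        os.mkdir(spool)
        with open(protected, "w") as f:
            f.write("original\n")
        os.symlink(protected, os.path.join(spool, "agent.log"))

        fd = open_naive(os.path.join(spool, "agent.log"))
        os.write(fd, b"log line\n")
        os.close(fd)
        with open(protected) as f:
            naive_modified_target = f.read() != "original\n"

        with open(protected, "w") as f:
            f.write("original\n")
        try:
            os.close(open_no_follow(spool, "agent.log"))
            refused = False
        except OSError:
            refused = True
        with open(protected) as f:
            target_intact = f.read() == "original\n"
        return naive_modified_target, refused, target_intact
```

`O_NOFOLLOW` only covers the final path component; links in intermediate directories need a per-component walk with directory file descriptors, or `openat2` with `RESOLVE_NO_SYMLINKS` on Linux.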
