Skip to main content

Deep Security Agent CVE-2025-30642

| EUVDEUVD-2025-27794 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2025-06-17 security@trendmicro.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
20.0.1-25770
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-27794
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 21:15 nvd
MEDIUM 5.5

DescriptionCVE.org

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Analysis

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Improper Link Resolution Before File Access (CWE-59).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2024-51503 HIGH
8.8 Nov 19

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an at

CVE-2025-30641 HIGH
7.8 Jun 17

Link following (symlink) vulnerability in Trend Micro Deep Security 20.0 agent's anti-malware component that enables loc

CVE-2025-30640 HIGH
7.8 Jun 17

Link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents that enables local privilege esca

CVE-2024-48903 HIGH
7.8 Oct 22

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate

CVE-2024-36358 HIGH
7.8 Jun 10

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local atta

CVE-2022-40710 HIGH
7.8 Sep 28

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could

CVE-2024-55955 HIGH
7.3 Dec 31

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400

CVE-2022-40709 LOW
3.3 Sep 28

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows

CVE-2022-40708 LOW
3.3 Sep 28

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows

CVE-2022-40707 LOW
3.3 Sep 28

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows

Share

CVE-2025-30642 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy