EUVD-2025-27792

CVE-2025-30640
Severity: HIGH
CVSS 3.1 score: 7.8
Published: 2025-06-17

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High

Lifecycle Timeline

- Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
- EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd), EUVD-2025-27792
- CVE Published: Jun 17, 2025 - 21:15 (nvd), HIGH 7.8

Description

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Analysis

A link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents enables local privilege escalation on affected systems. An attacker who can already execute low-privileged code can exploit this flaw to gain high-level system access. The vulnerability has a CVSS score of 7.8, with high impact across confidentiality, integrity, and availability. KEV and POC status are not confirmed in available data, but the low attack complexity and low privilege requirement indicate moderate real-world risk once initial code execution is obtained.

Technical Context

This vulnerability stems from CWE-59 (Improper Link Resolution Before File Access), a classic link-following or symlink attack. The Deep Security agent likely fails to properly validate or resolve symbolic links before performing file operations with elevated privileges. When the agent accesses files or directories as root/SYSTEM, an unprivileged user can create malicious symlinks pointing to sensitive system files or directories. The agent then follows these links and modifies targets that the attacker could not directly access, achieving privilege escalation. This typically occurs in temporary directories, cache locations, or log file handling where agents write or read files without proper link validation. Affected: Trend Micro Deep Security agents version 20.0; CPE context would be `cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*` and related variants.
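The CWE-59 pattern described above, shown as an added example that is not from this page, from Trend Micro, or from the agent's code: a writer that follows a link at its output path next to one that refuses to. It assumes a POSIX system; the function names, file names and the temporary directory layout are constructed for illustration.

```python
import errno
import os
import stat
import tempfile
from pathlib import Path


def naive_append(path, data):
    """Weak pattern: open() resolves a symlink at `path` and writes to its target."""
    with open(path, "ab") as fh:
        fh.write(data)


def hardened_append(path, data):
    """Refuse to write through a link. O_NOFOLLOW covers the final component only."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # raises OSError if `path` is a symlink
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError(errno.EPERM, "not a private regular file", path)
        os.write(fd, data)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: a work directory containing a link to a protected file."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.conf")  # stands in for a sensitive file
        workdir = os.path.join(root, "work")  # stands in for a user-writable location
        os.mkdir(workdir)
        Path(protected).write_bytes(b"original\n")
        planted = os.path.join(workdir, "agent.log")
        os.symlink(protected, planted)

        naive_append(planted, b"log line\n")  # lands in protected.conf
        after_naive = Path(protected).read_bytes()
        try:
            hardened_append(planted, b"log line\n")
            refused = False
        except OSError:
            refused = True
        after_hardened = Path(protected).read_bytes()

        fresh = os.path.join(workdir, "fresh.log")
        hardened_append(fresh, b"ok\n")  # an ordinary file is still written
        return after_naive, refused, after_hardened, Path(fresh).read_bytes()
```

Because `O_NOFOLLOW` does not protect intermediate path components, a privileged writer should also keep its working directories non-writable by unprivileged users.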

Affected Products

- vendor: Trend Micro; product: Deep Security Agent; affected_version: 20.0; cpe: cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*; impact: All installations of Deep Security 20.0 agents on Windows, Linux, and macOS are potentially vulnerable if they perform file operations susceptible to symlink attacks

Priority Score

39
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0
