CVE-2025-30641
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-09
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | deep_security_agent | to 20.0.1 (exc) |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| trendmicro | deep_security_agent | 20.0.1 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30641 is a local privilege escalation vulnerability in the anti-malware solution of Trend Micro Deep Security 20.0 agents. An attacker who already has the ability to run low-privileged code on the system can exploit this flaw by creating a junction to abuse the service, which allows them to improperly delete a folder and escalate their privileges to SYSTEM level. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with limited access to escalate their privileges to the highest system level (SYSTEM), potentially gaining full control over the affected system. This can lead to unauthorized access, modification, or deletion of sensitive data, disruption of system availability, and compromise of system integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying if the Trend Micro Deep Security Agent version 20.0 or affected versions are installed on the system. Since the exploit involves creating a junction to abuse the service, checking for suspicious junction points or unauthorized folder deletions related to the Deep Security Agent may help. However, no specific detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the update released by Trend Micro that addresses and fixes this vulnerability. Additionally, restricting the ability to execute low-privileged code on the system will reduce the risk of exploitation, as the attacker must first have such access to exploit the vulnerability. [1]