CVE-2025-30642
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-17

Last updated on: 2025-09-09

Assigner: Trend Micro, Inc.

Description
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-17
Last Modified
2025-09-09
Generated
2026-05-07
AI Q&A
2025-06-17
EPSS Evaluated
2026-05-05
NVD
CVE-2025-30642
EUVD
EUVD-2025-27794
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
trendmicro deep_security_agent to 20.0.1 (exc)
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-30642 is a local denial-of-service (DoS) vulnerability in the Trend Micro Deep Security Agent. It arises from improper link resolution in the Damage Cleanup Engine component, where an attacker with the ability to execute low-privileged code locally can create a junction to abuse the engine and delete a file. This causes a denial-of-service condition on the affected system. [1, 2]


How can this vulnerability impact me? :

This vulnerability can cause a denial-of-service (DoS) condition on systems running the affected Trend Micro Deep Security Agent versions. An attacker with local low-privileged code execution can exploit it to disrupt the availability of the security agent, potentially impacting system stability or security monitoring. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate CVE-2025-30642, immediately update the Trend Micro Deep Security Agent to version 20.0.1-25770 or later, which addresses this vulnerability. Additionally, ensure all prerequisite software such as service packs are installed. It is also recommended to review and strengthen remote access policies and perimeter security to reduce the risk of local attackers gaining low-privileged code execution on affected systems. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart