CVE-2025-30678
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| trendmicro | apex_central | 2019 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30678 is a Server-side Request Forgery (SSRF) vulnerability in the modTMSM component of Trend Micro Apex Central (on-premise). It occurs because the application improperly validates a URI before accessing resources, which allows a remote attacker to manipulate certain parameters and disclose sensitive information from affected installations. Exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious file. [1]
How can this vulnerability impact me? :
This vulnerability can lead to information disclosure, meaning an attacker could gain access to sensitive data from the affected system. Although it does not impact integrity or availability, the confidentiality of information is highly impacted. An attacker can exploit this remotely with low complexity but requires user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual or suspicious requests to the modTMSM component of Trend Micro Apex Central, especially those containing manipulated URI parameters. Since exploitation requires user interaction, look for HTTP requests with unexpected or external URIs being accessed by the modTMSM webapp widget. Specific commands are not provided in the resources, but network monitoring tools like tcpdump or Wireshark can be used to capture and analyze traffic to the affected server. Additionally, reviewing web server logs for requests to modTMSM with unusual parameters may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the update released by Trend Micro that addresses this SSRF vulnerability in the modTMSM component of Apex Central. Until the update is applied, restrict access to the affected component to trusted users only and monitor for suspicious activity. Additionally, educate users to avoid interacting with untrusted links or files that could trigger exploitation. [1]