CVE-2025-30680
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | apex_central | up to 2025-03-01 (exclusive) |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-side Request Forgery (SSRF) in Trend Micro Apex Central's Query method. It occurs because the system improperly validates a URI before accessing resources, allowing a remote authenticated attacker to manipulate parameters and cause the server to make unintended requests. This can lead to disclosure of sensitive information accessible by the service account. [1]
How can this vulnerability impact me?
An attacker exploiting this vulnerability can disclose sensitive information from the affected system without needing high privileges or user interaction. This could lead to exposure of confidential data, potentially compromising the security of your environment. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the update released by Trend Micro to fix the vulnerability. If you are using the SaaS instance of Apex Central and automatically apply Trend Micro's monthly maintenance releases, no further action is needed. [1]