Server-side Request Forgery Vulnerability in Trend Micro Apex Central
CVE-2025-30678

6.5MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex Central
Vendor: CVE Published:; 17 June 2025

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2025-30678?

A vulnerability exists in the modTMSM component of Trend Micro Apex Central (on-premise) that could permit attackers to exploit SSRF weaknesses. By manipulating specific parameters, unauthorized parties can gain access to sensitive information on affected installations. This issue poses significant risks to the confidentiality of data and could be leveraged for further attacks, highlighting the importance of immediate mitigation measures.

Affected Version(s)

Trend Micro Apex Central 8.0 < 8.0.6955

References

https://success.trendmicro.com/en-US/solution/KA-0019355

https://www.zerodayinitiative.com/advisories/ZDI-25-236/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Mar 25, 2025

JSON