Server-side Request Forgery Vulnerability in Trend Micro Apex Central SaaS
CVE-2025-30680

7.5HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex Central
Vendor: CVE Published:; 17 June 2025

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2025-30680?

A Server-side Request Forgery (SSRF) vulnerability exists in Trend Micro Apex Central, specifically affecting its SaaS deployment. This flaw permits an attacker to manipulate specific parameters, potentially leading to unauthorized information disclosure on installations of the affected product. Customers utilizing the SaaS version with automated monthly maintenance releases from Trend Micro are protected and do not need to take additional measures.

Affected Version(s)

Trend Micro Apex Central SaaS < 8.0.6955

References

https://success.trendmicro.com/en-US/solution/KA-0019355

https://www.zerodayinitiative.com/advisories/ZDI-25-238/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Mar 25, 2025