CVE-2025-30642

5.5 MEDIUM

📋 TL;DR

A link following vulnerability in Trend Micro Deep Security 20.0 agents allows local attackers to create denial of service conditions. This affects systems running vulnerable versions of Deep Security agents where an attacker has already gained low-privileged code execution. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Trend Micro Deep Security Agent
Versions: 20.0
Operating Systems: All supported OS for Deep Security 20.0
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Deep Security 20.0 agents; requires attacker to have low-privileged code execution capability on target system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system unavailability requiring agent restart or system reboot, potentially disrupting security monitoring and protection.

🟠 Likely Case: Temporary service disruption of Deep Security agent functionality, requiring agent restart to restore normal operation.

🟢 If Mitigated: Minimal impact with proper access controls preventing low-privileged code execution and agent restart procedures in place.

🌐 Internet-Facing: LOW - Requires local access and low-privileged code execution, not directly exploitable from internet.
🏢 Internal Only: MEDIUM - Internal attackers with low-privileged access could disrupt security monitoring on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to execute low-privileged code; link following vulnerability typically involves manipulating file paths or symbolic links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest Deep Security agent version (check vendor advisory)

Vendor Advisory: https://success.trendmicro.com/en-US/solution/KA-0019344

Restart Required: Yes

Instructions:

1. Review vendor advisory KA-0019344.
2. Update Deep Security agents to the latest version via Deep Security Manager or manual installation.
3. Restart affected agents after the update.

🔧 Temporary Workarounds

Restrict local user privileges (applies to: all)

Implement least privilege access controls to prevent low-privileged code execution.

Monitor agent health (applies to: all)

Implement monitoring to detect and automatically restart failed Deep Security agents.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local code execution
  • Monitor agent processes and implement automated restart procedures for failed agents

🔍 How to Verify

Check if Vulnerable:

Check Deep Security agent version via Deep Security Manager or agent console; version 20.0 is vulnerable.

Check Version:

On Windows: Check agent version in Control Panel > Programs. On Linux: Check agent version via package manager or agent status command.

Verify Fix Applied:

Verify agent version is updated beyond 20.0 and agent services are running normally.

📡 Detection & Monitoring

Log Indicators:

  • Deep Security agent crash logs
  • Unexpected agent service termination
  • Permission denied errors in agent logs

Network Indicators:

  • Loss of agent-to-manager communication
  • Missing heartbeat signals from agents

SIEM Query:

source="deep_security" AND (event_type="agent_crash" OR event_type="service_stopped")
