CVE-2025-30641

Опубликовано: 17 июн. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Ссылки

https://success.trendmicro.com/en-US/solution/KA-0019344
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-240/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*

Версия до 20.0.1 (исключая)

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:-:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update23340:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update3180:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update4540:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update7380:*:*:long_term_support:*:*:*

cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00053

Низкий

7.8 High

CVSS3

Дефекты

CWE-59

Связанные уязвимости

GHSA-5w5r-cwgx-pjqm

CVSS3: 7.8

github

8 месяцев назад

A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

BDU:2025-03771

CVSS3: 7.8

fstec

больше 1 года назад

Уязвимость модуля Anti-Malware средства антивирусной защиты Trend Micro Deep Security Agent, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 17%

0.00053

Низкий

7.8 High

CVSS3

Дефекты

CWE-59