CVE-2025-30679
published 2025-06-17CVE-2025-30679: A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain…
PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.30%
21.5th percentile
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro_inc | trend_micro_apex_central | >= 8.0 < 8.0.6955 | 8.0.6955 |
| trendmicro | apex_central | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-69258 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-69258 [MEDIUM] CVE-2025-69258 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69258 :
Apex Central vulnerability analysis and mitigation
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Source : NVD
## 9.8
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Apex Central
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 70.3
Exploitation Probability (EPSS) 0.6
Affected packages and libraries
cpe:2.3:a:trendmicro:apex_central
Sources
Windows Severity CRITICAL No Fix Added at: Jan 18, 2026
Windows Sever
Wiz
CVE-2025-69259 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-69259 [MEDIUM] CVE-2025-69259 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69259 :
Apex Central vulnerability analysis and mitigation
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Source : NVD
## 7.5
Score
Published January 8, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Apex Central
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 70
Exploitation Probability (EPSS) 0.6
Affected packages and libraries
cpe:2.3:a:trendmicro:apex_central
Sources
Windows Severity HIGH No Fix Added at: Jan 18, 2026
Windows Severity HIGH No
Wiz
CVE-2025-69260 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-69260 [MEDIUM] CVE-2025-69260 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69260 :
Apex Central vulnerability analysis and mitigation
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Source : NVD
## 7.5
Score
Published January 8, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Apex Central
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 67.3
Exploitation Probability (EPSS) 0.5
Affected packages and libraries
cpe:2.3:a:trendmicro:apex_central
Sources
Windows Severity HIGH No Fix Added at: Jan 18, 2026
Windows Severity HIGH No Fix Adde
2025-06-17
Published