CVE-2025-30680Server-Side Request Forgery in Micro INC Trend Micro Apex Central

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 49.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex CentralTrendmicro Apex Central
Timeline
PublishedJun 17

Description

A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDtrendmicro/apex_central< 2025-03-01
CVEListV5trend_micro_inc/trend_micro_apex_centralSaaS8.0.6955

🔴Vulnerability Details

2
GHSA
GHSA-9xcp-x784-h228: A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading2025-06-17
CVEList
CVE-2025-30680: A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading2025-06-17
CVE-2025-30680 — Server-Side Request Forgery | cvebase