CVE-2025-30640: 
Trend Micro Deep Security Agent vulnerability analysis and mitigation

A link following vulnerability (CVE-2025-30640) was discovered in Trend Micro Deep Security 20.0 agents affecting versions before 20.0.1-25770. The vulnerability was disclosed on April 9th, 2025, and allows local attackers to escalate privileges on affected installations (ZDI Advisory, Trend Advisory).

The vulnerability exists within the Trend Micro Anti-Malware Solution Platform and has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The specific flaw allows an attacker to abuse the service to delete a file by creating a symbolic link. The vulnerability is classified under CWE-59: Improper Link Resolution Before File Access (ZDI Advisory, Trend Advisory).

Successful exploitation of this vulnerability can allow an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. The attacker can leverage this vulnerability to gain complete control over the affected system (ZDI Advisory).

Trend Micro has released version 20.0.1-25770 (20 LTS Update 2024-12-10) to address this vulnerability. Users are strongly encouraged to update to the latest version as soon as possible. Additionally, organizations should review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Advisory).