CVE-2025-30641: 
Trend Micro Deep Security Agent vulnerability analysis and mitigation

A link following vulnerability (CVE-2025-30641) was discovered in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents. The vulnerability was disclosed on April 9, 2025, and affects Deep Security Agent versions prior to 20.0.1-25770 for Windows systems. This security flaw could allow a local attacker to escalate privileges on affected installations, though exploitation requires initial access to execute low-privileged code on the target system (ZDI Advisory, Trend Micro Bulletin).

The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access) and has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The specific flaw exists within the Anti-Malware Solution Platform where an attacker can abuse the service to delete a folder by creating a junction. This can be leveraged to escalate privileges and execute arbitrary code in the context of SYSTEM (ZDI Advisory).

Successful exploitation of this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining complete control over the affected component. This represents a significant security risk as it could lead to full system compromise on affected installations (ZDI Advisory).

Trend Micro has released version 20.0.1-25770 of Deep Security Agent to address this vulnerability. Organizations are strongly encouraged to update to the latest version as soon as possible. Additionally, organizations should review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Micro Bulletin).