CVE-2025-30679: 
Apex Central vulnerability analysis and mitigation

A Server-side Request Forgery (SSRF) vulnerability (CVE-2025-30679) was discovered in Trend Micro Apex Central's (on-premise) modOSCE component. The vulnerability was disclosed on March 25, 2025, and affects Apex Central 2019 versions before build 6955. This security flaw could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations (Trend Advisory, ZDI Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N), indicating a medium severity level. The weakness is classified as CWE-918: Server-Side Request Forgery (SSRF). The specific flaw exists within the modOSCE webapp widget, and the issue results from the lack of proper validation of a URI prior to accessing resources (ZDI Advisory).

An attacker can leverage this vulnerability to disclose sensitive data on affected installations, which could potentially lead to further compromise of the system. The vulnerability specifically affects the confidentiality of the system, with no direct impact on integrity or availability (ZDI Advisory).

Trend Micro has released build 6955 for Apex Central (on-premise) to address this vulnerability. Customers are strongly encouraged to update to the latest build as soon as possible. Additionally, customers should review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Advisory).

The vulnerability was discovered and reported by Poh Jia Hao of STAR Labs SG Pte. Ltd., working with Trend Micro's Zero Day Initiative (Trend Advisory).