- Vulnerability/
- ZDI-25-236
ZDI-25-236: Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability
First published: Wed Apr 09 2025(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-30678.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Apex Central |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-25-236?
The vulnerability ZDI-25-236 has been identified as allowing remote attackers to access sensitive information, which can compromise the security of affected systems.
How do I fix ZDI-25-236?
To mitigate the effects of ZDI-25-236, ensure that all relevant software updates and patches from Trend Micro Apex Central are applied as soon as they become available.
What kind of user interaction is needed for ZDI-25-236 to be exploited?
Exploitation of ZDI-25-236 requires the target user to visit a malicious page or open a malicious file.
Which software is affected by ZDI-25-236?
ZDI-25-236 affects installations of Trend Micro Apex Central.
What are the potential consequences of ZDI-25-236?
If exploited, ZDI-25-236 can lead to unauthorized access to sensitive information, exposing users to risk.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-24939
- agent/last-modified-date
- agent/references
- agent/title
- agent/source
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/trend micro
- canonical/trend micro apex central