- Vulnerability/
- ZDI-CAN-24939
ZDI-CAN-24939: ZDI-25-236: Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability
First published: Wed Apr 09 2025(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-30678.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Apex Central |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-24939?
The severity of ZDI-CAN-24939 is classified as medium.
How do I fix ZDI-CAN-24939?
To fix ZDI-CAN-24939, ensure that you have the latest version of Trend Micro Apex Central installed.
What type of attack does ZDI-CAN-24939 involve?
ZDI-CAN-24939 involves a remote information disclosure attack that requires user interaction.
What are the implications of ZDI-CAN-24939?
The implications of ZDI-CAN-24939 include potential exposure of sensitive information if the vulnerability is exploited.
Which versions of Trend Micro Apex Central are affected by ZDI-CAN-24939?
ZDI-CAN-24939 affects all versions of Trend Micro Apex Central that have not been patched.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-24939
- agent/last-modified-date
- agent/references
- agent/title
- agent/source
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/trend micro
- canonical/trend micro apex central