Key Information Vulnerability Overview Product: Trend Micro Deep Security 20.0 Agent Link Following Vulnerabilities Release Date: January 4, 2023 CVE Identifiers: CVE-2025-30640, CVE-2025-30641, CVE-2025-30642 CVSS v3.0 Score: 7.8 Severity Rating: MEDIUM - HIGH Affected Versions Product: Deep Security Agent Affected Versions: Versions below 20.0.1-25770 Platform: Windows Solution Updated Version: 20.0.1-25770 (updated on December 10, 2024) Platform: Windows Availability: Now available Vulnerability Details 1. CVE-2025-30640: Anti-Virus Link Following Local Privilege Escalation Vulnerability - CVSS v3.0: 7.8/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H - Description: A link following vulnerability in the Anti-Virus engine allows local attackers to perform privilege escalation. 2. CVE-2025-30641: Anti-Virus Link Following Local Privilege Escalation Vulnerability - CVSS v3.0: 7.8/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H - Description: Another link following vulnerability in the Anti-Virus engine allows local attackers to perform privilege escalation. 3. CVE-2025-30642: Link Following Denial of Service Vulnerability - CVSS v3.0: 6.5/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H - Description: A link following vulnerability in the Anti-Virus engine allows local attackers to cause a denial of service (DoS) condition. Mitigation Factors Run applications and updates with non-administrator privileges. Regularly apply patches and updates. Restrict remote access to critical systems. Maintain sound security policies and configuration parameters. Acknowledgments Teams and individuals who responsibly reported these vulnerabilities.