Critical Vulnerability Information Vulnerability Details CVE-2025-30678: modTMSM Server-Side Request Forgery Information Disclosure Vulnerability - CVSS v3.1: 4.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) - Description: Attackers can exploit this vulnerability by sending specially crafted requests via the modTMSM component, leading to information disclosure. CVE-2025-30679: modOSCLI Server-Side Request Forgery Information Disclosure Vulnerability - CVSS v3.1: 4.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) - Description: Attackers can exploit this vulnerability by sending specially crafted requests via the modOSCLI component, leading to information disclosure. CVE-2025-30680: Apex Central SwiDQuery Server-Side Request Forgery Information Disclosure Vulnerability - CVSS v3.1: 4.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) - Description: Attackers can exploit this vulnerability by sending specially crafted requests via the SwiDQuery component, leading to information disclosure. CVE-2025-47865: wagent Local File Inclusion Code Execution Vulnerability - CVSS v3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) - Description: Attackers can exploit this vulnerability by including local files via the wagent component, leading to code execution. CVE-2025-47866: wagent Remote Code Execution Vulnerability - CVSS v3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) - Description: Attackers can exploit this vulnerability to execute remote code via the wagent component. CVE-2025-47867: Local NsInclude Remote Code Execution Vulnerability - CVSS v3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) - Description: Attackers can exploit this vulnerability by including specially formatted input via the NsInclude component, leading to code execution. Affected Versions Apex Central (dependent): 3.5.0 to before 3.5.0R5 Apex Central Test: SecureVision Interface (from 2025 Maintenance Release) Remediation Apex Central (dependent): Upgrade to version 3.5.0R5 or later. Apex Central Test: Install the 2025 Maintenance Release patch package. Mitigating Factors By default, certain features require specific permissions to access, reducing the attack surface. Users are advised to promptly update software and apply the latest security patches.