{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:33:21.435","vulnerabilities":[{"cve":{"id":"CVE-2025-30680","sourceIdentifier":"security@trendmicro.com","published":"2025-06-17T20:15:31.823","lastModified":"2025-09-08T21:04:31.983","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"security@trendmicro.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.  \r\n\r\nPlease note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action."},{"lang":"es","value":"Una vulnerabilidad de Server-side Request Forgery (SSRF) en Trend Micro Apex Central (SaaS) podría permitir a un atacante manipular ciertos parámetros, lo que podría provocar la divulgación de información en las instalaciones afectadas. Nota: Esta vulnerabilidad solo afecta a la instancia SaaS de Apex Central; los clientes que aplican automáticamente las actualizaciones de mantenimiento mensuales de Trend Micro a la instancia SaaS no tienen que realizar ninguna acción adicional."}],"metrics":{"cvssMetricV31":[{"source":"security@trendmicro.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:apex_central:*:*:*:*:saas:*:*:*","versionEndExcluding":"2025-03-01","matchCriteriaId":"2E3910C7-B628-45C7-A317-A69D1A972B90"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0019355","source":"security@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-238/","source":"security@trendmicro.com","tags":["Third Party Advisory"]}]}}]}