Vendor scorecard
Trend Micro
Trend Micro security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: trendmicro
Product families
3
Open in latest
59
Inferred — see methodology
Last disclosure
Jun 17, 2025
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Deep SecurityNetwork Detection / IDS-IPSdeep_security, deep_security_manager, deep_security_agent | 6 | 14 | 20.0.1MED | ||
| Deep Discovery (NDR/IDS-IPS)Network Detection / IDS-IPSdeep_discovery_inspector, deep_discovery_director, deep_discovery_analyzer… | 2 | 5 | 6.6MED | ||
| InterScan GatewaysNetwork Detection / IDS-IPSinterscan_web_security_virtual_appliance, interscan_messaging_security_virtual_appliance | 0 | 41 | 9.1LOW |
02
Recent CVEs
8 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-30642(opens NVD record) | Medium | 5.5 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-30641(opens NVD record) | High | 7.8 | A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2025-30640(opens NVD record) | High | 7.8 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Jun 17, 2025 |
| CVE-2024-55955(opens NVD record) | Medium | 6.7 | An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Dec 31, 2024 |
| CVE-2024-51503(opens NVD record) | High | 8.0 | A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | Nov 19, 2024 |
| CVE-2024-48903(opens NVD record) | High | 7.8 | An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Oct 22, 2024 |
| CVE-2024-46903(opens NVD record) | Medium | 6.5 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Oct 22, 2024 |
| CVE-2024-46902(opens NVD record) | High | 8.4 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | Oct 22, 2024 |
8 CVEs · 3 product families