TECHNICAL IMPACT STATEMENT: Deep Security 20.0 (CVE-2025-14819 & CVE-2025-14017)

Product / Version includes:

Deep Security 20.0

Last updated: 2026/03/16

Solution ID: KA-0022757

Category:

Summary

This article serves as an official communication from TrendAI regarding the technical impact of the following vulnerabilities in Deep Security 20.0 related to the popular 3rd party library - libcurl - which is a client-side URL transfer library utilized by many commercial applications.

Technical Analysis by CVE

1. CVE-2025-14819: OpenSSL partial chain store policy

CVSS 5.3 (Medium Severity)
Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that Deep Security is not affected or impacted by this vulnerability because the product does not use the vulnerable option that can be exploited: CURLSSLOPT_NO_PARTIALCHAIN.

2. CVE-2025-14017: Broken TLS options for threaded LDAPS

CVSS 6.3 (Medium Severity)
Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that Deep Security is not affected or impacted by this vulnerability because the vulnerable options (LDAP/LDAPS) are disabled at build time in Deep Security.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

TECHNICAL IMPACT STATEMENT: Deep Security 20.0 (CVE-2025-14819 & CVE-2025-14017)

TECHNICAL IMPACT STATEMENT: Deep Security 20.0 (CVE-2025-14819 & CVE-2025-14017)

Product / Version includes:

Summary