CVE-2025-49212

| EUVD-2025-18640 CRITICAL
2025-06-17 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18640
CVE Published
Jun 17, 2025 - 21:15 nvd
CRITICAL 9.8

Tags

Deserialization RCE Trendmicro Authentication Bypass Trend Micro Endpoint Encryption

Description

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

Analysis

Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker on the network can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.

Technical Context

The vulnerability exists in the deserialization processing logic of Trend Micro Endpoint Encryption PolicyServer's network-accessible service component. CWE-477 (Use of Obsolete Function) combined with insecure deserialization practices represents a dangerous pattern where untrusted serialized objects are reconstructed without proper validation. The PolicyServer component handles encryption policy distribution and management across enterprise endpoints; its network-facing position makes it an attractive target. The similarity to CVE-2025-49220 (affecting a different method in the same product) suggests a systemic issue with deserialization handling across multiple code paths within the PolicyServer service, potentially indicating the use of legacy or unsafe serialization frameworks without proper input validation.

Affected Products

Trend Micro Endpoint Encryption PolicyServer (specific version ranges not provided in CVE description; vendor advisory required to identify affected versions and determine if patches exist). The product is typically deployed in enterprise environments as a centralized management server. Customers should consult Trend Micro security advisories for the definitive list of affected versions and any available patches. The PolicyServer component serves Windows and potentially cross-platform environments depending on deployment architecture.

Remediation

Immediate actions: (1) Consult the official Trend Micro security advisory for CVE-2025-49212 to identify your installed version's vulnerability status; (2) Apply vendor-released security patches immediately upon availability—do not delay; (3) If patches are not yet available, implement network segmentation to restrict access to PolicyServer to trusted administrative networks only, removing direct internet accessibility; (4) Monitor PolicyServer logs for suspicious serialization-related errors or unexpected connection attempts; (5) Consider temporary disablement of PolicyServer if operationally feasible until patches are deployed and tested; (6) Review and strengthen authentication mechanisms for any management interfaces as a defense-in-depth measure. References to patches should be obtained directly from Trend Micro's official security portal.

Priority Score

53
Low Medium High Critical
KEV: 0
EPSS: +4.4
CVSS: +49
POC: 0

Share

CVE-2025-49212 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy