Trend Micro CVE-2025-49213

EUVD-2025-18647 | CRITICAL
Use of Obsolete Function (CWE-477)
2025-06-17 security@trendmicro.com
CVSS 3.1: 9.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 16, 2026 - 05:54 (EUVD-patch-fix; executive_summary)
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch; patch_released)
Patch available: Apr 16, 2026 - 05:29 (EUVD; 6.0.0.4013)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd; EUVD-2025-18647)
Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
CVE Published: Jun 17, 2025 - 21:15 (nvd; CRITICAL 9.8)

Description (NVD)

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.

Analysis (AI)

Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.

Technical Context (AI)

The vulnerability exists in Trend Micro Endpoint Encryption PolicyServer and stems from unsafe deserialization of untrusted data (this record classifies it as CWE-477, Use of Obsolete Function). The PolicyServer likely deserializes untrusted data from network requests without proper validation, allowing an attacker to instantiate arbitrary objects and execute code during the deserialization process. This is similar to CVE-2025-49212 but occurs in a different method, suggesting a systematic pattern of insecure deserialization across multiple functions in the PolicyServer component. The vulnerability is reachable pre-authentication, meaning no valid credentials are required to trigger it. The affected product is Trend Micro Endpoint Encryption, specifically the PolicyServer component, which manages encryption policies for endpoints.

Remediation (AI)

  1. IMMEDIATE: Apply the latest security patch from Trend Micro for Endpoint Encryption PolicyServer when released - monitor Trend Micro security advisory pages for CVE-2025-49213 patch availability.
  2. INTERIM MITIGATION: If a patch is not immediately available, implement network-level controls restricting access to PolicyServer ports (typically 443/HTTPS for the management interface) to trusted administrative networks only.
  3. Disable PolicyServer network access if not actively required.
  4. Implement Web Application Firewall (WAF) rules to detect and block suspicious deserialization payloads if PolicyServer traffic analysis signatures are available.
  5. Monitor PolicyServer logs for suspicious deserialization errors or unexpected object instantiation attempts.
  6. Plan emergency patching procedures given the pre-authentication RCE severity.
  7. Verify that patch installation includes fixes for both CVE-2025-49213 and the related CVE-2025-49212 to ensure comprehensive remediation.
