Trend Micro CVE-2025-49217

EUVD-2025-18650 CRITICAL
Use of Obsolete Function (CWE-477)
2025-06-17 security@trendmicro.com
CVSS 3.1: 9.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

6 events:

Analysis Updated: Apr 16, 2026 - 05:54 (EUVD-patch-fix; executive_summary)
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch; patch_released)
Patch available: Apr 16, 2026 - 05:29 (EUVD; 6.0.0.4013)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd; EUVD-2025-18650)
Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
CVE Published: Jun 17, 2025 - 21:15 (nvd; CRITICAL 9.8)

Description (NVD)

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.

Analysis (AI)

A pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit it over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments. It is similar to CVE-2025-49213 but lies in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.

Technical Context (AI)

The vulnerability exists in the deserialization handling of Trend Micro Endpoint Encryption PolicyServer (classified as CWE-477, Use of Obsolete Function). The PolicyServer component accepts serialized objects from remote clients and deserializes them without proper validation. This is a classic unsafe deserialization flaw: untrusted input is reconstructed into arbitrary objects, allowing attackers to trigger gadget chains or instantiate malicious classes. The vulnerability is network-accessible (AV:N) with no authentication required (PR:N), indicating it likely affects unauthenticated API endpoints or service ports exposed on the network. The existence of a similarly numbered CVE (CVE-2025-49213) in the same product suggests that multiple deserialization code paths or methods within PolicyServer lack proper input validation, a systemic architectural issue.

Remediation (AI)

  1. IMMEDIATE: Apply security patches from Trend Micro for Endpoint Encryption PolicyServer as released in the official security advisory.
  2. INTERIM MITIGATIONS: Restrict network access to PolicyServer ports (typically 443/HTTPS and other service ports) using firewall rules; limit access to trusted management networks only. Disable public internet exposure of PolicyServer.
  3. MONITORING: Enable detailed logging on PolicyServer for deserialization events and monitor for suspicious serialized object patterns in network traffic.
  4. UPGRADE: Prioritize patching to the latest Trend Micro Endpoint Encryption version that includes the fix for CVE-2025-49217. Consult Trend Micro's security advisory page for specific patch versions and download links.
  5. VALIDATION: After patching, verify functionality of PolicyServer and endpoint encryption policies across managed endpoints.
