Skip to main content

Trend Micro CVE-2025-49218

| EUVDEUVD-2025-18560 HIGH
SQL Injection (CWE-89)
2025-06-17 security@trendmicro.com
7.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:37 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
6.0.0.4013
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18560
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 21:15 nvd
HIGH 7.7

DescriptionCVE.org

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

AnalysisAI

Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows low-privileged authenticated users to escalate privileges through SQL injection attacks. The vulnerability has a CVSS score of 7.7 (high severity) with significant impact on confidentiality, integrity, and availability. While this is a post-auth vulnerability requiring initial low-privileged code execution, successful exploitation enables privilege escalation, making it a critical concern for organizations running affected PolicyServer instances.

Technical ContextAI

This vulnerability exploits improper input validation in SQL query construction within Trend Micro Endpoint Encryption PolicyServer (CWE-89: Improper Neutralization of Special Elements used in an SQL Command). The PolicyServer component, which manages encryption policies across endpoints, fails to properly sanitize user-supplied input before incorporating it into SQL queries. Unlike pre-authentication SQL injection, this variant requires the attacker to already have low-privileged access to the system, reducing the attack surface but increasing post-compromise risk. The vulnerability is similar to but distinct from CVE-2025-49215, suggesting a class of related SQL injection issues in the same product line that may indicate systemic input validation weaknesses in the PolicyServer codebase.

RemediationAI

  1. Apply vendor-supplied security patches from Trend Micro immediately upon availability. Check Trend Micro's official security advisory portal for CVE-2025-49218 patch details and affected version numbers. 2. Implement access controls limiting local system access to PolicyServer to authorized administrators only. 3. Restrict PolicyServer database access to authenticated, authorized users through role-based access control (RBAC). 4. Monitor PolicyServer logs for suspicious SQL patterns or unusual database query activity that may indicate exploitation attempts. 5. Implement input validation and parameterized/prepared SQL statements in any custom scripts or integrations with PolicyServer. 6. Consider network segmentation to restrict PolicyServer access to trusted administrative networks only. 7. Maintain current backups of PolicyServer database and configurations to enable rapid recovery if compromise occurs.
CVE-2016-7552 CRITICAL POC
9.8 Apr 12

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows

CVE-2016-7547 CRITICAL POC
9.8 Apr 12

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in

CVE-2017-11394 CRITICAL POC
9.8 Aug 03

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitr

CVE-2017-11391 HIGH POC
8.8 Aug 03

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att

CVE-2017-11392 HIGH POC
8.8 Aug 03

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att

CVE-2016-6267 HIGH POC
8.8 Jan 30

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330

CVE-2017-6398 HIGH POC
8.8 Mar 14

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Rated high severity (C

CVE-2017-7896 MEDIUM POC
6.1 Apr 18

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Rated medium severity (CV

CVE-2017-14078 CRITICAL
9.8 Sep 22

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attac

CVE-2016-3987 CRITICAL POC
9.8 Apr 12

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url para

CVE-2017-14089 CRITICAL POC
9.8 Oct 06

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated u

CVE-2020-8606 CRITICAL POC
9.8 May 27

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent

Share

CVE-2025-49218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy