CRITICAL🇵🇱 Wersja polska

CVE-2025-49212

CVSS 9.8v3.1pub. 2025-06-17upd. 2025-09-08

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

🤖 AI Analysis
How it works

The PolicyServer component handles data deserialization in an unsafe manner (insecure deserialization), meaning that input data supplied by an attacker is deserialized without proper validation or filtering. An attacker can craft a malicious payload and submit it to the server before the authentication process. The vulnerability affects a different method than the related CVE-2025-49220, but both flaws have similar characteristics and consequences.

Impact

An attacker can gain full control over the system running PolicyServer, including the ability to read, modify or delete data, and perform lateral movement across the network. Compromise of the encryption policy management server could result in the disclosure of authentication credentials and encryption keys managed by the product.

Mitigation & patch

Patches available from the vendor should be applied according to references — details in the Trend Micro bulletin: https://success.trendmicro.com/en-US/solution/KA-0019928. Due to pre-authentication RCE with CVSS 9.8 rating, the update should be deployed immediately. Until the update is applied, it is recommended to restrict network access to PolicyServer only to trusted hosts using a firewall.

Who is affected

Trend Micro Endpoint Encryption PolicyServer running on Microsoft Windows — specific versions indicated in the vendor's references (https://success.trendmicro.com/en-US/solution/KA-0019928)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Trendmicro Trend Micro Endpoint Encryption

    APP
    Trendmicro
    < 6.0.0.4013
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit