An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
The vulnerability is based on an unsafe deserialization operation (CWE-502) performed before the authentication stage in the PolicyServer component. An attacker can send a specially crafted payload that, when deserialized by the server, leads to arbitrary code execution at the system level. The vulnerability affects a different method than CVE-2025-49212, but the attack mechanism is analogous. The network vector without authentication requirements and user interaction makes exploitation particularly simple.
An unauthenticated attacker can gain full control over the system running PolicyServer, including confidentiality, integrity, and availability of data (CVSS ratings: C:H/I:H/A:H). Successful exploitation of the vulnerability enables RCE at the level of the server managing endpoint encryption policies.
Patches available from the vendor should be applied immediately in accordance with the official Trend Micro bulletin (KA-0019928). Until the patch is deployed, it is recommended to restrict network access to PolicyServer only from trusted hosts and to implement network segmentation.
Trend Micro Endpoint Encryption PolicyServer installed on Microsoft Windows — specific versions indicated in the vendor's references (https://success.trendmicro.com/en-US/solution/KA-0019928)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows
OSMicrosoftwszystkie wersjeTrendmicro Trend Micro Endpoint Encryption
APPTrendmicro< 6.0.0.4013
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit