CRITICAL🇵🇱 Wersja polska

CVE-2025-49216

CVSS 9.8v3.1pub. 2025-06-17upd. 2025-09-08

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

🤖 AI Analysis
How it works

The error classified as CWE-477 (use of deprecated function) allows an attacker to bypass authentication mechanisms in PolicyServer and directly invoke key methods reserved for administrators. The attack is possible remotely over the network without requiring any credentials or user interaction. An exceptionally low barrier to entry means the exploit can be carried out by anyone with access to PolicyServer.

Impact

An attacker can gain full administrative access to PolicyServer and arbitrarily modify Endpoint Encryption product configurations, which may result in bypassing disk encryption mechanisms or compromising security policies across the entire organization.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references — detailed information about patched versions can be found in the Trend Micro bulletin at https://success.trendmicro.com/en-US/solution/KA-0019928. Until the patch is deployed, it is recommended to restrict network access to PolicyServer only to trusted hosts through firewall rules.

Who is affected

Trend Micro Endpoint Encryption PolicyServer running on Microsoft Windows — specific versions indicated in vendor references (https://success.trendmicro.com/en-US/solution/KA-0019928).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Trendmicro Trend Micro Endpoint Encryption

    APP
    Trendmicro
    < 6.0.0.4013
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit