CRITICAL🇵🇱 Wersja polska

CVE-2025-49217

CVSS 9.8v3.1pub. 2025-06-17upd. 2025-09-08

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.

🤖 AI Analysis
How it works

The PolicyServer component deserializes data transmitted over the network without proper verification of its origin or content, using an unsafe deserialization operation (CWE-477, CWE-502). An attacker can provide a crafted payload that will be deserialized before any authentication stage, leading directly to code execution in the server context. The vulnerability is similar to CVE-2025-49213, but affects a different method in the same component.

Impact

An attacker without any privileges can obtain full remote code execution (RCE) on the vulnerable server, leading to compromise of confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the vendor according to the references — detailed information about the patch version is available at https://success.trendmicro.com/en-US/solution/KA-0019928

Who is affected

Trend Micro Endpoint Encryption PolicyServer installed on Microsoft Windows — exact versions indicated in the vendor references (https://success.trendmicro.com/en-US/solution/KA-0019928)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Trendmicro Trend Micro Endpoint Encryption

    APP
    Trendmicro
    < 6.0.0.4013
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit