CVE-2025-49215 | THREATINT

Description

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

PUBLISHED Reserved 2025-06-03 | Published 2025-06-17 | Updated 2025-06-18 | Assigner trendmicro

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-242: Use of Inherently Dangerous Function

Product status

6.0 (semver) before 6.0.0.4013

affected

References

success.trendmicro.com/en-US/solution/KA-0019928

www.zerodayinitiative.com/advisories/ZDI-25-372/

cve.org (CVE-2025-49215)

nvd.nist.gov (CVE-2025-49215)

Download JSON