Home

Description

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.

PUBLISHED Reserved 2025-06-03 | Published 2025-06-17 | Updated 2025-06-18 | Assigner trendmicro




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-477: Use of Obsolete Function

Product status

6.0 (semver) before 6.0.0.4013
affected

References

success.trendmicro.com/en-US/solution/KA-0019928

www.zerodayinitiative.com/advisories/ZDI-25-374/

cve.org (CVE-2025-49217)

nvd.nist.gov (CVE-2025-49217)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.