CVE-2025-49216

critical

Description

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

References

References
More

https://www.securityweek.com/critical-vulnerabilities-patched-in-trend-micro-apex-central-endpoint-encryption-policyserver/

https://securityaffairs.com/178952/security/trend-micro-fixes-critical-bugs-in-apex-central-and-tmee-policyserver.html

https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/

https://www.zerodayinitiative.com/advisories/ZDI-25-373/

https://success.trendmicro.com/en-US/solution/KA-0019928

Details

Source: Mitre, NVD

Published: 2025-06-17

Updated: 2025-06-18

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H