CVE-2025-49218

high

Description

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

References

https://securityaffairs.com/178952/security/trend-micro-fixes-critical-bugs-in-apex-central-and-tmee-policyserver.html

https://www.zerodayinitiative.com/advisories/ZDI-25-375/

https://success.trendmicro.com/en-US/solution/KA-0019928

Details

Source: Mitre, NVD

Published: 2025-06-17

Updated: 2025-06-17

Risk Information

CVSS v2

Base Score: 5.7

Vector: CVSS2#AV:L/AC:H/Au:S/C:P/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

Severity: High