CRITICAL🇵🇱 Wersja polska

CVE-2025-49213

CVSS 9.8v3.1pub. 2025-06-17upd. 2025-09-08

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.

🤖 AI Analysis
How it works

The vulnerability is based on an unsafe deserialization operation (CWE-502) performed before the authentication stage in the PolicyServer component. An attacker can send a specially crafted payload that, when deserialized by the server, leads to arbitrary code execution at the system level. The vulnerability affects a different method than CVE-2025-49212, but the attack mechanism is analogous. The network vector without authentication requirements and user interaction makes exploitation particularly simple.

Impact

An unauthenticated attacker can gain full control over the system running PolicyServer, including confidentiality, integrity, and availability of data (CVSS ratings: C:H/I:H/A:H). Successful exploitation of the vulnerability enables RCE at the level of the server managing endpoint encryption policies.

Mitigation & patch

Patches available from the vendor should be applied immediately in accordance with the official Trend Micro bulletin (KA-0019928). Until the patch is deployed, it is recommended to restrict network access to PolicyServer only from trusted hosts and to implement network segmentation.

Who is affected

Trend Micro Endpoint Encryption PolicyServer installed on Microsoft Windows — specific versions indicated in the vendor's references (https://success.trendmicro.com/en-US/solution/KA-0019928)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Trendmicro Trend Micro Endpoint Encryption

    APP
    Trendmicro
    < 6.0.0.4013
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit